Re: Remote Desktop and VPN
From: daniel (daniel_at_nospampreferkosherkingsleynetworks.com)
Date: 01/21/05
- Next message: pspsbs: "Error Message while trying to connect to the Internet"
- Previous message: ray3d84: "Re: Remote Desktop Connection"
- In reply to: SuperGumby [SBS MVP]: "Re: Remote Desktop and VPN"
- Next in thread: chad_at_bluestream.org: "Re: Remote Desktop and VPN"
- Reply: chad_at_bluestream.org: "Re: Remote Desktop and VPN"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 21 Jan 2005 09:54:44 -0000
Smiling as I write :-) Never vehement, just passionate.
I'm wrong about RWW; according to MS it is pretty much RDP over HTTP, and I
apologise.
As far as VPN in its default configuration is concerned, it does provide
wide protocol access and you are correct about such scenarios. However, you
can specify exactly which traffic you want to allow very easily through
RRAS.
You can also map printers, clipboard, serial ports and local drives to a
server from an RDP session without much thought.
The point was not to suggest which is better, as I use both for failover
myself, but merely to suggest ways to make them both more secure.
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:uf54Xk5$EHA.2016@TK2MSFTNGP15.phx.gbl...
> OOOOOOOH, a vehement disagreement, just what I needed.
>
> Did I say RDP via RWW _was_ RDP over HTTPS, not in my estimation. However,
> RDP via RWW uses an HTTPS connection to initiate an RDP connection,
> particularly if you have an SBS 2003 Premium system including a 2 NIC ISA
> configuration it is VERY secure. GO ON, TRY IT, try to connect to my IP on
> port 4125 (mickmalloy.dyndns.org), I can, after logging into RWW and
> choosing the right options.
>
> VPNs are less secure per se. Not because they are PPTP vs L2TP vs IPSEC vs
> WHATEVER. When you allow a remote user to VPN into your network you
> basically invite their whole network into yours, you don't control their
> machine let alone their network.
> eg. The CEO wants a permanent connection from home to the office, so you
> put a VPN capable router at his home. His kids also want internet access
> through the same device. He's a cheapskate and won't pay for dedicated
> connections for the two activities, and why should he? The CEO is a smart
> internet user, but what about his 10yr old running Kazaa?
>
> RDP via RWW does not compromise your network in this manner.
>
> "daniel" <daniel@nospampreferkosherkingsleynetworks.com> wrote in message
> news:uezpeX5$EHA.2032@tk2msftngp13.phx.gbl...
>> RWW is NOT RDP over HTTPS; it is merely a convenient method of connecting
>> to users' remote desktops etc. by redirecting them to a web page. It still
>> uses RDP 'unwrapped'.
>>
>> PPTP VPNs ie the default setup is a very poor example of supposedly
>> secure access. I was merely pointing out that there are better ways of
>> allowing remote users etc a more secure experience that are immediately
>> available without additional cost just a little thought, reading and
>> experimentation.
>> If you remain confident about displaying a hack me here logo then by all
>> means off you go and publish RDP. I am suggesting alternatives that are
>> very easy to implement and will increase your security by an order of
>> magnitude at least as far as encryption and two factor authentication is
>> concerned.
>> I'll tell you something else, SSH runs fine on any Windows box, it's very
>> cool and it's also free unless you really have to have an installer or
>> support etc. I'll grant you it's not a bundled application but nor is anti
>> virus, a decent spyware solution nor a decent backup solution included in
>> SBS, does that mean I shouldn't try and install them?
>>
>> I agree about the VPN there are pitfalls to all solutions and nobody is
>> really secure, I just hate the blasé
>> publish this publish that, when you know as well as I do the majority of
>> people are using default out of the box setups without thought of
>> security and don't look for better alternatives.
>>
>> regards
>>
>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
>> news:utTgUs4$EHA.608@TK2MSFTNGP15.phx.gbl...
>>> VPN is no more secure than direct publishing of TS. Matter of fact, from
>>> some angles a VPN is much less secure.
>>> Just how are you going to use SSH in an SBS environment?
>>> MS released RDP via RWW some time ago, many SBS2003 owners use this
>>> facility.
>>>
>>> "daniel" <daniel@nospampreferkosherkingsleynetworks.com> wrote in
>>> message news:uK8aBbk$EHA.1564@TK2MSFTNGP09.phx.gbl...
>>>> Yes there is a small risk when publishing a remote desktop directly.
>>>> VPN or SSH port forwarding is a better way. Standard PPTP VPNs carry a
>>>> risk so try with EAP/TLS or L2TP/IPSEC. If you have ISA you can just
>>>> disable the filter allowing inbound TCP 3389 on standard edition run
>>>> the CEICW and uncheck Terminal Services.
>>>>
>>>> You can also use RWW to connect to remote desktop but I don't believe
>>>> this is any more secure. Microsoft are due to release RDP over HTTPS
>>>> much like the Exchange RPC proxy so this will eventually provide what
>>>> we are all looking for.
>>>>
>>>>
>>>> "Tom S" <TomS@discussions.microsoft.com> wrote in message
>>>> news:ED5F968E-C012-4851-A303-53248C9DA4C1@microsoft.com...
>>>>> I can access our SBS 2003 from remote with Remote Desktop using the
>>>>> external IP address but I am concerned with security of this and would
>>>>> rather have this set to not allow a remote session to our public IP
>>>>> address. I would like to set up the system to only allow Remote Desktop
>>>>> to the internal IP of the server, VPN into the system and then use
>>>>> remote desktop to the local IP. If I VPN in now I can connect to the
>>>>> server using the internal IP but I can also remote in without VPN by
>>>>> using our external IP. Isn't this a security risk?
>>>>>
>>>>> Can this be setup this way?
>>>>>
>>>>> Thanks in advance for any help.
>>>>>
>>>>> Tom
>>>>
>>>>
>>>
>>>
>>
>>
>
>