RE: VPN & Security Question



Even in an industry like banking I would never use VPN to increase security of
an RDP or ICA Connection. For increased security (if you're not satisfied
with the 128 bit encryption that RDP provides) look into secondary
authentication like Biometrics or SecurID/SafeWord.

VPNs are great for connecting remote offices, but way too much
administrative burden to use for individual remote user connections.

Brian Madden and I (along with the rest of the TS MVPs) had this same
conversation with the MSFT TS Product team who was not willing to say that TS
should be deployed over the Internet w/o VPN, but we told them that we do it
and recommend it all the time w/o any issues.

Show me an exploited RDP Connection before deciding you need more security.
Make sure you have a good password policy and that your TS is behind a
firewall and you should be fine.

--
Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com


"mrussogfc" wrote:

> Richard, what industry do you work in? If you work in banking or some other
> high risk area you may have to use VPN, otherwise why bother.
> --
> callwalker
>
>
> "Richard Brooks" wrote:
>
> > I hope this is not a stupid question but is a VPN really necessary for
> > secure terminal services? If you change the server's administrator name to
> > something encrypted and use 8 alphanumeric character strong passwords and
> > set the encryption to high, how would someone gain access to the server?
> > With brute force, you would not only have to try all passwords but all
> > usernames as well. And if the encryption is set to high, Man in the middle
> > attacks would not be very effective either. Also, you would set policy so
> > only an administrator can log in to the server, so social engineering would
> > not be an issue either. So, why add the extra VPN layer that only degrades
> > performance?
> >
> > Thanks
> >
> >
> >
> >