Re: Spreading Virus/worms/spyware via terminal server connections?




Yup. That should not be a problem with the SonicWall firewall - I can open TCP
443 and 3389 ports fairly easily.

Again - thanks for all help on this - really appreciate it.

I'll query my SonicWall vendor if they have any features where it can
scan/filter VPN sessions for virus/spyware at the firewall/gateway level -
that way if a home PC is infected it will not pass it to our LAN.



--
LPJ


"Lanwench [MVP - Exchange]" wrote:

>
>
> In news:B7D558E4-BE46-4061-B72B-242DE775BE9E@xxxxxxxxxxxxx,
> Luigi <Luigi@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> > Thanks for the clarification. Let me clarify what is on my
> > environment...Yes, we already have a SonicWall 2040 Firewall using a
> > VPN policy that utilizes IPSec/DES in place. Our remote users are
> > using SonicWall GlobalVPN client.
>
> See if you can control what traffic you can block - if you allow TCP 443 and
> 3389 only, you aren't running much risk. If you can't, don't do this. I haven't
> tried this with Sonicwalls so I'm not sure whether it's even possible, but
> it might be.
>
> >
> > We currently have remote users connecting thru our firewall via VPN.
> > These remote users are using company managed/issued laptops with
> > updated anti-virus/anti-spyware installed. The problem is now more
> > users want to work from home - I don't have any additional laptops -
> > I want to utilize the web browser based remote connection feature of
> > Terminal Server - thus my security questions re: Remote Desktop Web
> > Connection - since I don't have control of their home personal
> > computer - anti-virus, anti-spyware not being updated and not knowing
> > what is installed on their home PC - you answered my question as the
> > remote users using RDWC will be 'looking' at a picture of the
> > server. Thus their infected personal PC will not infect the terminal
> > server.
> >
> > My other concern about hacking the RDWC session - you mentioned that
> > TS sessions are encrypted anyway so we should be fairly safe on that
> > question.
> >
> > Re: Securing VPN connections - Since VPN will allow remote users to
> > directly access our LAN resources - I'll continue our policy of only
> > utilizing VPN on company issued laptops only. If I utilize VPN on an
> > unsecured personal home PC I risk the chances of the LAN getting
> > infected. I want to utilize VPN because of its security but unless
> > you have a technique or solution for protecting the LAN from remote VPN
> > users' infected PCs - let me know.
> >
> > LPJ
> >
> >
> > "Lanwench [MVP - Exchange]" wrote:
> >
> >>
> >> "Luigi" <Luigi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:F4AD5222-EE8C-4939-93A3-EDC4979682EC@xxxxxxxxxxxxxxxx
> >>> Thanks - that helps answer a few issues I had.
> >>> ======================
> >>> Can you clarify the following: What do you mean "not" to the LAN
> >>> itself - do you mean set up a DMZ? Can you provide more details or
> >>> techniques that are used.
> >>>
> >>
> >> Depends on what equipment you've got, and what your budget is. A
> >> firewall appliance or something that acts as the VPN endpoint could
> >> be configured to control what kind of traffic was permitted via the
> >> tunnel. I wouldn't use Windows for VPN.
> >>
> >> I suggest you post in microsoft.public.windows.server.networking for
> >> more help....I'm getting a little out of my depth. :)
> >>
> >>
> >>> Thanks! Appreciate your answers and recommendations.
> >>>
> >>> Luigi
> >>>
> >>>
> >>>> - can a
> >>>> home network that is infected with worms/virus/spyware - infect the
> >>>> office
> >>>> LAN via the VPN or Terminal Server?
> >>>
> >>> Yes, re VPN. You could let them VPN *not* to the LAN itself,
> >>> though....and avoid PPTP.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> LPJ
> >>>
> >>>
> >>> "Lanwench [MVP - Exchange]" wrote:
> >>>
> >>>>
> >>>> "Luigi" <Luigi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >>>> news:DF3F9D99-1A35-43D2-9383-1D31E2802066@xxxxxxxxxxxxxxxx
> >>>>> How safe is a Terminal Server Service running Remote Desktop Web
> >>>>> Connection if the remote client's home PC is infected with a
> >>>>> worm/virus or spyware? Can the worm/virus/spyware utilize the
> >>>>> Terminal Services client's web connection to spread the
> >>>>> virus/worm/spyware to the office LAN/WAN?
> >>>>
> >>>> You're just looking at a "picture" of the remote server, remember
> >>>> - so, no,
> >>>> this shouldn't really be a concern.
> >>>>
> >>>>>
> >>>>> Can someone intercept/hack a terminal server session's Remote
> >>>>> Desktop WEB
> >>>>> connection?
> >>>>
> >>>> Sure. People can do a lot of things. You can just add as many
> >>>> obstacles as
> >>>> possible, including using VPN to make the initial connection - not
> >>>> PPTP, either, but L2TP/IPSEC. Note that using TS (not TSWEB) is
> >>>> encrypted anyway -
> >>>> and TSWEB should be using SSL only.
> >>>>
> >>>>>
> >>>>> Similar to first question but connecting to the Terminal Server
> >>>>> via VPN -
> >>>>> utilizing the XP's Remote Desktop Connection client -with VPN you
> >>>>> are actually making a connection the office LAN server shared
> >>>>> resources
> >>>>
> >>>> Yes.
> >>>>
> >>>>> - can a
> >>>>> home network that is infected with worms/virus/spyware - infect
> >>>>> the office
> >>>>> LAN via the VPN or Terminal Server?
> >>>>
> >>>> Yes, re VPN. You could let them VPN *not* to the LAN itself,
> >>>> though....and
> >>>> avoid PPTP.
> >>>>
> >>>> If you have real security concerns, don't allow any inbound
> >>>> connections at
> >>>> all from computers you don't actually manage - locked down company
> >>>> laptops,
> >>>> SecurID, etc etc etc.. However, this can also get rather
> >>>> expensive. You might wish to post in a security newsgroup for the
> >>>> larger issues.
> >>>>>
> >>>>> --
> >>>>> LPJ
>
>
>
>
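The thread's advice is to limit what the VPN tunnel may reach to TCP 443 and 3389. The following is an added example, not part of any post above and not SonicWall syntax: it evaluates a generic first-match rule list and reports every flow from the VPN zone that goes beyond those two ports on the terminal server. The addresses, the `Rule` format and both rule sets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    dst: str      # destination network, CIDR
    lo: int       # first destination port
    hi: int       # last destination port

# Constructed addresses (documentation range), not taken from the thread.
LAN = ipaddress.ip_network("192.0.2.0/28")
TERMINAL_SERVER = ipaddress.ip_address("192.0.2.10")
WANTED = {("tcp", 443), ("tcp", 3389)}  # the only flows the thread suggests allowing

def decide(rules, proto, dst_ip, port):
    """First matching rule wins; no match means deny."""
    for r in rules:
        if (r.proto in ("any", proto)
                and dst_ip in ipaddress.ip_network(r.dst)
                and r.lo <= port <= r.hi):
            return r.action
    return "deny"

def audit(rules, ports=(135, 139, 443, 445, 3389)):
    """Return (over_permissive, missing) flows for traffic arriving via the tunnel."""
    over, missing = [], []
    for host in LAN.hosts():
        for proto in ("tcp", "udp"):
            for port in ports:
                allowed = decide(rules, proto, host, port) == "allow"
                wanted = host == TERMINAL_SERVER and (proto, port) in WANTED
                if allowed and not wanted:
                    over.append((proto, str(host), port))
                elif wanted and not allowed:
                    missing.append((proto, str(host), port))
    return over, missing

# Constructed rule sets: tunnel reaches the whole LAN vs. terminal server only.
LOOSE = [Rule("allow", "any", "192.0.2.0/28", 0, 65535)]
TIGHT = [Rule("allow", "tcp", "192.0.2.10/32", 443, 443),
         Rule("allow", "tcp", "192.0.2.10/32", 3389, 3389),
         Rule("deny", "any", "0.0.0.0/0", 0, 65535)]

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("tight", TIGHT)):
        over, missing = audit(rules)
        print(name, "over-permissive:", len(over), "missing:", len(missing))
```

The probed ports include 135, 139 and 445 because those Windows RPC and file-sharing services are what a restricted tunnel is meant to keep out of reach of an unmanaged home PC.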


