Re: Spreading Virus/worms/spyware via terminal server connections?



No problem - my bad - I should have provided more details upfront. With the
SonicWall's VPN I can configure the firewall's VPN policy to either 'split
tunnel' the session or force the client to access via only a secured gateway.
I agree if the PC is already infected then it does not matter - somehow
the firewall that the VPN is going through needs to somehow filter/scan the
VPN tunneling session for virus/worms/spyware etc. I'll check with my
SonicWall firewall vendor if they have this security feature....

Thanks again for your feedback. Appreciate it.

--
LPJ


"Jeff Pitsch [MVP]" wrote:

> Ok, got it. Sorry about that. If your VPN is set up to not allow split
> networking, then I wouldn't think you have anything to worry about. If you
> allow it then yes I'd be worried. But those settings wouldn't prevent
> anything from coming through if it was already on the PC though. Does that
> make sense?
>
> Jeff Pitsch
> Microsoft MVP - Terminal Services
> http://www.sbcgatekeeper.com
> Your Terminal Services Security Website
>
> "Luigi" <Luigi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:E958F828-45BB-414C-A9D1-288D2C6482F4@xxxxxxxxxxxxxxxx
> > Jeff,
> >
> > Thanks for your comments. See my latest post to Lanwench on my
> > environment.
> > Just for clarification - our Terminal Server sits behind a SonicWall 2040
> > firewall. So it is not using a public IP address. We use the SonicWall VPN
> > client to connect to our LAN via the firewall then login into our TS.
> >
> > My main concern is having remote users using an unsecured/infected
> > public-personal PC to connect to the Terminal Server via the Remote Desktop
> > WEB connection browser.
> >
> > --
> > LPJ
> >
> >
> > "Jeff Pitsch" wrote:
> >
> >> I'm assuming by your comments that your terminal server has a public IP
> >> address, which means it's directly accessible by the public (TSWeb does
> >> nothing for this) and this means your internal network is exposed to the
> >> internet. I would be much more concerned about this very bad design than
> >> anything else. You've virtually eliminated your firewall as a protective
> >> measure.
> >>
> >> Jeff Pitsch
> >> Microsoft MVP - Terminal Services
> >> http://www.sbcgatekeeper.com
> >> Your Terminal Services Security Website
> >>
> >> "Luigi" <Luigi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:DF3F9D99-1A35-43D2-9383-1D31E2802066@xxxxxxxxxxxxxxxx
> >> > How safe is a Terminal Server Service running Remote Desktop Web
> >> > Connection if the remote client's home PC is infected with a worm/virus
> >> > or spyware? Can the worm/virus/spyware utilize the Terminal Services
> >> > client's web connection to spread the virus/worm/spyware to the office
> >> > LAN/WAN?
> >> >
> >> > Can someone intercept/hack a terminal server session's Remote Desktop
> >> > WEB connection?
> >> >
> >> > Similar to first question but connecting to the Terminal Server via
> >> > VPN - utilizing the XP's Remote Desktop Connection client - with VPN you
> >> > are actually making a connection to the office LAN server shared
> >> > resources - can a home network that is infected with worms/virus/spyware
> >> > infect the office LAN via the VPN or Terminal Server?
> >> >
> >> > --
> >> > LPJ
> >>
> >>
> >>
>
>
>
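
The split-tunnel versus forced-gateway distinction discussed in this thread can be verified on a connected client from its routing table. The sketch below is an added example, not part of the original posts and not SonicWall tooling: it parses constructed Windows `route print` rows and reports whether Internet-bound traffic leaves through the VPN adapter. The adapter address `10.10.0.7`, the LAN addresses and the probe address are assumptions chosen for illustration.

```python
import ipaddress

# Constructed `route print` excerpts (IPv4 "Active Routes" rows); addresses are samples.
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.0.0.0        255.0.0.0         On-link       10.10.0.7       1
      192.168.1.0    255.255.255.0         On-link    192.168.1.50    281
"""
FULL_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50   4250
          0.0.0.0          0.0.0.0         On-link       10.10.0.7       1
      192.168.1.0    255.255.255.0         On-link    192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, interface_ip, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header or non-route line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
        except ValueError:
            continue
        routes.append((net, f[3], int(f[4])))
    return routes

def egress_interface(routes, dst):
    """Pick the route by longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def tunnel_mode(route_text, vpn_if_ip, probe="198.51.100.10"):
    """'full' if Internet-bound traffic leaves via the VPN adapter, else 'split'."""
    out = egress_interface(parse_routes(route_text), probe)
    return "full" if out == vpn_if_ip else "split"

if __name__ == "__main__":
    for name, table in (("split sample", SPLIT_TUNNEL), ("full sample", FULL_TUNNEL)):
        print(name, "->", tunnel_mode(table, "10.10.0.7"))
```

A "split" result means the client still talks to its home network and the Internet directly while connected, which is the case Jeff says he would be worried about.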