Re: Is Remote Desktop Web Connection secure?
- From: Patrick Rouse <PatrickRouse@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Feb 2007 22:24:00 -0800
I'm in agreement with Jeff that punching a hole thru your firewall from the
public Internet to the private network is not the best solution, but a lot of
people do it.
For the most secure setup, placing an SSL VPN Device in a DMZ (port on your
firewall) for access to internat resources like TS, OWA... is the best
solution.
If security is not priority number one, you can allow port 3389 traffic thru
your firewall to an internal Terminal Server (Remote Desktop Host) and port
80 or 443 to an IIS Server. Technically, the IIS Server can be anywhere,
because it doesn't talk to the Terminal Server, it just delivers the RDP
Client and connection configuration to the client, which then connects
directly to the Terminal Server.
I'd opt for the SSL VPN in DMZ Option, i.e. using AEP Networks NSP or Citrix
Access Gateway. THere are other SSL VPN Solutions here:
http://www.sessioncomputing.com/add-on.htm#security
--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com
"Jeff Pitsch" wrote:
IMHO, and I know others will disagree with me on this, but anytime you.
open up your internal network directly to the internet is just asking
for trouble.
As for OWA, many, many organizations use OWA so I'm not sure what your
referring to from a security perspective. What your proposing is much
less secure than OWA ever will be.
And for the DMZ, you have a router to the internet, typically these come
with the ability to carve off a DMZ network even if it's for one server
to reside in.
Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP
Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com
Mrpush wrote:
Hello,
I'm in a fix. I want to make available to my users all company
applications, Exchange 2003 server services, etc. to all my users from remote
locations if that is what they need. I'm aware of the security issue that
exists in the "ooops, I left my session logged on at the hotel terminal" but
I think I'll just live with that. I want my user to have access to ALL of
there office stuff.
I do not have a DMZ and I have read that setting up Exchange (OWA)in the DMZ
is asking for trouble. I see security issues there.
My other option is to set up Remote Desktop Web Connection as I use terminal
servers and can put all my apps on them.
However I believe that I need a WEB SERVER (IIS) to use Remote Desktop Web
Connection and this now requires a DMZ anyway(I guess I can't escape this
millitary stuff)
My question is, if I setup a DMZ and a web server, will Remote Desktop Web
Connection be secure? Or does the security all fall onto how well I setup
the DMZ and IIS?
Is there an "easy DMZ in a box" or "DMZ and Web Server for dummies" resource
that would make this a quick setup for me?
Thanks much,
Mark
- Follow-Ups:
- Re: Is Remote Desktop Web Connection secure?
- From: Jeff Pitsch
- Re: Is Remote Desktop Web Connection secure?
- References:
- Re: Is Remote Desktop Web Connection secure?
- From: Jeff Pitsch
- Re: Is Remote Desktop Web Connection secure?
- Prev by Date: Re: Problems with the Windows 2003 License Server
- Next by Date: Re: NTVDM high CPU usage
- Previous by thread: Re: Is Remote Desktop Web Connection secure?
- Next by thread: Re: Is Remote Desktop Web Connection secure?
- Index(es):
Relevant Pages
|
