------------------------------------ Authentication should be strong. Something more than a password. [ No budget for RSA securiD :-))) ] - W2K3 SP1 RDP can be configured for certificate authentication, adding server; not just client authentication to the mix. This goes a looong way toward removing the RDP MITM threat that so many have feared.
Encryption for user-crentials/data access - Same answer here; with certificate auth, you also get SSL encryption of the whole session, from logon to logoff. Options considered ---------------------------------- I read W2K3 L2TP/IPSEC - looks complex. Terminal services - File copy is not simple and also you require Application Mode license. - L2TP, IPSec and RDP v6 (required for cert auth) would all require changes at the client machine. All provide the additional security (and inconvenience) of limiting access to hosts configured for each protocol. IPSec and L2TP (or PPTP, for that matter) are harder to spread across clients because they all require specific configuration knowledge. RDP needs only the v6 client (KB 925876). - TS App Mode is required for more than 2 concurrent users. File copy across the RDP channel is not related to TS App Mode. The number of remote users - less than 100 - More than 3 concurrent users (including console) requires TS App Mode. Cost effective , easy to implement and easy to manage solution sought - the only management difficulty presented by App Mode is licensing and user education. Otherwise, it's "just an RDP connection" that inherits all the rights & privileges of that user account. Contrary to urban myth, adding users to the Admins group is *not* required for TS access to a machine. Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai Sent: Monday, January 01, 2007 8:17 PM To: [email protected] Subject: Secure Remote access - windows 2003 I am planning to provide remote access from Internet to a windows 2003 domain controller.User-ids, NTFS permissions are all configured. The objective is file sharing and access. Files will need to be copied. The machine has valid Internet IP address and is sitting behind a Firewall. I would like to keep solution independent of Firewall.This will be accessed by roaming users. I am thinking of something like 0penssh for windows or maybe just GUI based Secure-FTP Challenges I am facing ------------------------------------ Authentication should be strong. Something more than a password. [ No budget for RSA securiD :-))) ] Encryption for user-crentials/data access Options considered ---------------------------------- I read W2K3 L2TP/IPSEC - looks complex. Terminal services - File copy is not simple and also you require Application Mode license. The number of remote users - less than 100 Cost effective , easy to implement and easy to manage solution sought All mail to and from this domain is GFI-scanned.
