have you tried Parallels RAS (formerly 2X), inexpensive, uses standard port 80 or 443 and takes all of 30 minutes to setup
this prevents drive-by attacks as you need the client/app and domain to lock someone out, https://www.parallels.com/products/ras/remote-application-server/ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RDS with 2PA Date: Mon, 18 Jul 2016 11:57:43 +0000 That’s great – thanks, I really appreciate it. Gavin Wilby IT Support Engineer From: [email protected] [mailto:[email protected]] On Behalf Of Webster Sent: 18 July 2016 12:40 To: [email protected] Subject: RE: [NTSysADM] RDS with 2PA I forwarded your request to a fellow CTP who is also a 17 year TS/RDS MVP. I will let you know what the lambo driving cheap turd of a Brazilian/Canadian says. J Webster From: [email protected] [mailto:[email protected]] On Behalf Of Gavin Wilby Sent: Monday, July 18, 2016 6:17 AM To: '[email protected]' <[email protected]> Subject: RE: [NTSysADM] RDS with 2PA The issue is that we have a lot of drivebys to the RDS Server. This causes account lock-outs if they hit an account that does exist. What I need is a solution that’s provided to the remote connection BEFORE the AD credential negotiation takes place. Duo doesn’t seem to allow that. Gavin Wilby IT Support Engineer From: [email protected] [mailto:[email protected]] On Behalf Of Graeme Carstairs Sent: 15 July 2016 10:56 To: [email protected] Subject: Re: [NTSysADM] RDS with 2PA We use duo Works Well You login to the RDS server It displays a waiting on authentication message The push is received on your phone You click the tick Your in Graeme On Thursday, 14 July 2016, Raymond Peng <[email protected]> wrote: You may want to look at DUO Mobile – https://duo.com/solutions/features/two-factor-authentication-methods/duo-mobile We currently implement this in our company – working well so far. Thank you, Ray From: [email protected] [mailto:[email protected]] On Behalf Of Gavin Wilby Sent: Thursday, July 14, 2016 5:54 AM To: '[email protected]' <[email protected]> Subject: [NTSysADM] RDS with 2PA Hi, I have a RDS server, it’s not open to the internet just yet, but I want it to have 2 phase authentication when it does. It’s been stipulated that the OTP is presented BEFORE the user credentials (to prevent drive by’s locking accounts). Any idea of what’s good to achieve this? Gavin Wilby IT Support Engineer SMP Partners Ltd Clinch’s House, Lord Street, Douglas, Isle of Man IM99 1RZ Tel +44 1624 682214 Mob +44 7624 480575 [email protected] www.smppartners.com A member of the SMP Partners Group of Companies SMP Partners Limited, SMP Trustees Limited and SMP Fund Services Limited are licensed by the Isle of Man Financial Services Authority. SMP Accounting & Tax Limited is a member of the ICAEW Practice Assurance Scheme. SMP Partners Limited registered in the Isle of Man, Company Registration No: 000908V Directors: M.W. Denton, M.J. Derbyshire, S.E McGowan, O. Peck, J.J. Scott, S.J. Turner SMP Trustees Limited registered in the Isle of Man, Company Registration No: 068396C Directors: A.C. Baggesen, J.M. Cubbon, M.W. Denton, K.M. Goldie, O Peck, J. Watterson SMP Fund Services Limited registered in the Isle of Man, Company Registration No: 120288C Directors: V. Campbell, R.K. Corkill, M.W. Denton, D.A. Manser, S.E McGowan, J.J. Scott, E. Tansell SMP Accounting & Tax Limited registered in the Isle of Man, Company Registration No: 001316V Directors: I.F. Begley, A.J. Dowling, P. Duchars, J.J. Scott, S.J. Turner SMP Capital Markets Limited registered in the Isle of Man, Company Registration No: 002438V Directors: M.W. Denton, M.J. Derbyshire, D.F Hudson, S.E McGowan, O. Peck, S. J. Turner SMP Partners Limited, SMP Trustees Limited, SMP Fund Services Limited, SMP Accounting & Tax Limited and SMP Capital Markets Limited are members of the SMP Partners Group of Companies. This email is confidential and is subject to disclaimers. Details can be found at: http://www.smppartners.com/disclaimer.html ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ -- Good news everyone, you have just received an e-mail from me! ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
