google for TSGRINDER On Tue, Apr 1, 2008 at 1:52 PM, Steve Ens <[EMAIL PROTECTED]> wrote: > I've actually never heard of anyone hacking in via RDP...maybe I'm wrong. > Here's a good article about securing an open Terminal Server. > http://support.microsoft.com/?id=895433 > > > > > On Tue, Apr 1, 2008 at 3:48 PM, <[EMAIL PROTECTED]> wrote: > > > > > > Never said no firewall in front of it -- we were only NATing a single port > (3389) to that box, and RDP is 128-bit encrypted. Not saying it's a good > idea, but for a short stint and some IP whitelisting it wasn't the end of > the world either... > > > > > > > > > > > > > > > > "Ziots, Edward" <[EMAIL PROTECTED]> > > > > 04/01/2008 04:42 PM > > > > > > > > Please respond to > > "NT System Admin Issues" <[email protected]> > > > > > > To > > > > "NT System Admin Issues" <[email protected]> > > > > cc > > > > > > Subject RE: Public TS - opinions? > > > > > > > > > > > > > > > > The few times we've had to do it we whitelisted the IPs on the firewall > that we wanted to allow connections from. If the connecting IP was on a > whitelist we'd NAT to the internal IP on port 3389 and the user would be in. > We had three users that needed access this way, so we whitelisted their home > office IPs (they were technically dynamic, but never really changed). Worked > in a pinch, although didn't make me feel good either. SSL VPN was the end > solution that allowed them easy access relatively inexpensively. > > > > Jeff > > > > > > > > > > > > > > "Bob Fronk" <[EMAIL PROTECTED]> > > > > > > 04/01/2008 04:34 PM > > > > > > Please respond to > > "NT System Admin Issues" <[email protected]> > > > > > > > > To > > > > "NT System Admin Issues" <[email protected]> > > > > cc > > > > Subject Public TS - opinions? > > > > > > > > > > > > > > > > > > > > I have a client that wants to keep a terminal server available publicly to > be accessed from multiple sites where a VPN is not possible due to money and > equipment constraints. The outside users just use the Remote Desktop and > connect directly to the public IP. > > > > I feel this is a security risk. > > > > What is the groups opinion and what do you think is a good work around or > ways to at least reduce the security problems? > > > > Bob Fronk > > > > > > > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the > Davis H. Elliot Company . Warning: Although precautions have been taken to > make sure no viruses are present in this email, the company cannot accept > responsibility for any loss or damage that arise from the use of this email > or attachments. > > > > > > > > > > > > > > > > > > > > > > Agreed, > > > > SSLL VPN if you have it and have them connect to it, and then tunnel the > RDP to the server. You control the access at your point of presence through > to the server. > > > > A Public facing server without a firewall or other security control in > front of it, is just asking for trouble. > > > > Z > > > > Edward E. Ziots > > Network Engineer > > Lifespan Organization > > MCSE,MCSA,MCP,Security+,Network+,CCA > > Phone: 401-639-3505 > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, April 01, 2008 4:39 PM > > To: NT System Admin Issues > > Subject: Re: Public TS - opinions? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
