You might consider preventing resource redirection as well then via GPO.

From: Bill Songstad (WCUL)
Sent: Friday, April 17, 2009 3:18 PM
To: NT System Admin Issues
Subject: RE: RAS appliances

I'm at the mercy of the nerds at Sonicwall for the info since I don't have a big enough propeller to test it myself, but they assured me that since the remote client is connecting to a server page on the Sonicwall VPN device, and the Sonicwall is making a separate connection to the RDP host, no traffic actually connects the infected client to the secure RDP host. They said that it all falls apart if I enable any of the networking features on the Sonicwall VPN device, but as long as I only run the RDP client, it works like a proxy that blocks any pass-through traffic.

I'd be grateful if anyone knew how to test their assertion.

Bill

From: Don Ely
Sent: Friday, April 17, 2009 1:20 PM
To: NT System Admin Issues
Subject: Re: RAS appliances

How do you ensure the remote PCs are properly protected and not infected with some virii/malware/spyware that could infiltrate your network?

On Fri, Apr 17, 2009 at 1:13 PM, Bill Songstad (WCUL) wrote:

I'm pretty happy with my new Sonicwall SSL 2000 VPN appliance <$2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote user's machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote user's machine.

I've only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and don't have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD (PCLinuxOS 2009).

Setup was a little less than intuitive, but I had it running and validating user logins against AD in a few hours.

Bill

From: Chinnery, Paul
Sent: Friday, April 17, 2009 4:36 AM
To: NT System Admin Issues
Subject: RAS appliances

We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it?

Thanks,
Paul Chinnery
Network Administrator
Memorial Medical Center
231-845-2319
