Wow ! I disagree completely ... Opening up VPNs to home users' privately owned equipment, with questionable security/infection status seems MUCH more risky than opening RDP ports on the firewall ...
And a 'basic MS VPN' ? You mean PPTP with clear text password exchange ? L2TP should be the minimum MS VPN in use today, let SSL encrypt the login/password exchange. I'm really curious as to why you consider a publicly available RDP session such a risk ? Erik Goldoff IT Consultant Systems, Networks, & Security -----Original Message----- From: Charlie Kaiser [mailto:[email protected]] Sent: Wednesday, July 01, 2009 2:11 PM To: NT System Admin Issues Subject: RE: Terminal Services question Set up a VPN and allow RDP to their desktops. Keep them off the server, unless you want to set up a dedicated TS for client access. While you can allow RDP through your firewall, you're opening up some pretty big holes for people to bang on if you do. You can lock down specific ports/IPs to your users' local IP addys, but that's way more management than you want. Even a basic MS VPN will be much more manageable (remote access group, manage remote access via GP) than trying to allow direct RDP without opening up your network. The level of VPN config you set up will depend on your security requirements. If you work the VPN right, you can allow only approved computers to connect, if that's your desire. *********************** Charlie Kaiser [email protected] Kingman, AZ *********************** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
