Do you have a Windows 2008 or R2 remote desktop server?  If so, you could create 
a RemoteApp that they connect to via RD Web Access or via RD Gateway.

I've used this to provide access to one of our apps to an external provider.  
Created a nice RemoteApp icon for them.  They just double-click, enter in their 
creds and then all they see is a seamless window of the app.

From: [email protected] [mailto:[email protected]]
Sent: Wednesday, 7 April 2010 10:38 PM
To: NT System Admin Issues
Subject: Secure remote data entry


Greetings!  Our DBA has a project going (with the help of an outside vendor) in 
which animal welfare agents will enter stats into our (internal) databases.

This vendor says to set up a web server in a DMZ (done).  Then, open a port 
between this DMZ machine and our production database server.  Right!

I can open that port in 2 minutes or less.  It seems that, in 3 minutes (a 
minute or less after I open that port), someone in Tashkent or Baku now owns 
our entire network (including main HQ a half-continent away)...

Our DMZ currently has no "DMZ to Trusted" policies, and it seems that is what 
defines a DMZ.  A DMZ box gets compromised, but attackers have no route on 
through to "Trusted".

I'm catching some bad stares (and worse) for my stand on this, but such is the 
life of a SysAdmin...

SO, as nobody here manages a web-based point-of-sales operation, how does one 
set up a secure remote data entry system?  Our entire economy seems to be based 
more and more on web-based (presumably) secure sales transactions, so it can't 
be that difficult.

Thanks!
--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

[email protected]

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org<http://www.aspca.org/>

