I guess what I was trying to point out is that rolling out a basic RDP over VPN solution leaves potential holes that need to be addressed. We use TS Gateway and disable device redirection on the CAP.
On Wed, Dec 8, 2010 at 2:02 PM, David Lum <[email protected]> wrote: > RDS or Citrix they only have access to drives via apps offered by the RDP > or Citrix session – the home user cannot UNC to drives as one could via VPN. > Launching Excel for example the EXCEL.EXE is on the RDS or Citrix box in RAM > and not the local users box…hence and infected system cannot get to the > EXCEL.EXE (or more importantly, it’s folder structure) to infect it. > > > > As other have said, you don’t really want a network connection between an > unmanaged machine and your network. > > > > Dave > > > > *From:* RS [mailto:[email protected]] > *Sent:* Wednesday, December 08, 2010 9:49 AM > > *To:* NT System Admin Issues > *Subject:* Re: Remote access - Allow employees work from home > > > > That's what I thought, and why I asked the question. If Joe home user can > connect his virus-riddled home (or even laptop) drives via the RDP session, > what have you really gained? (This can also be a source of data leakage, > not just inbound malware.) > > On Wed, Dec 8, 2010 at 12:39 PM, Phil Brutsche <[email protected]> > wrote: > > Such things are configurable in TS/RDS and Citrix. > > If you allow them to connect directly to their work desktop, then no. > > On 12/8/2010 9:59 AM, RS wrote: > > Doing it this way, can you administratively control options like > > connecting local drives, printers, clipboard, etc? That might be > important. > > -- > > Phil Brutsche > [email protected] > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
