Windows Server 2000/2003 Thread: Securing Windows server 2003 Remote Desktop access for access through the internet
  1. #16

    GrumbleDook
    I will no longer authorise RDP into Northants schools and over the next 12 months will be asking schools to move to a more secure remote setup.

    It is open to attack as previously mentioned and it is scary the number of people that have set it up on their MIS to allow for SLT to access the MIS at home in *clear* breach of the DPA!

    Seriously folks ... it is not secure, go for a decent VPN solution or other alternatives such as Sun Secure Global Desktop or Citrix ... both over HTTPS with a valid certificate.

  2. #17

    aaaahhhhhh... >_< that is soo scary...

    anyway using OpenVPN or anything with two factor authentication such as RSA SecurID is the secure way to do it but yes we will have to invest anyway ;-|

  3. #18

    SYNACK
    Or use TSGateway over HTTPS which comes built in to Server 2008 which also gives added security.
    Last edited by SYNACK; 19th August 2009 at 07:41 PM.

  4. Thanks to SYNACK from:

    albertwt (20th August 2009)

  5. #19

    Do any of the RDP MITMs people have in mind actually work if you turn on server TLS authentication (something you've had an opportunity to do for years now)?

    The problem for RBCs/whatever is that you can't rely on people to configure these features, or have genuinely strong passwords etc., so they're pretty much forced to mandate VPNs.

    I expect the 2K8 [2k8R2]+ TS[RD] stuff over TLS will get people more in the security groove though... and I'm definitely prepared to argue the case for that vs. splashing out what can often be a *lot* of money on commercial VPNs.
    Last edited by PiqueABoo; 19th August 2009 at 11:24 PM.

  6. Thanks to PiqueABoo from:

    albertwt (20th August 2009)

  7. #20

    Yes, I agree with using the existing Windows features (2003/2008) rather than getting additional VPN connection with 3rd party.

    So in this case I shall try to deploy Windows Essential Business Server 2008 Standard Security server as they are equipped with Forefront Threat management and also this edition of Windows Server does not need to be a member of Active Directory.

  8. #21

    "I agree with using the existing Windows features (2003/2008) rather than getting additional VPN connection with 3rd party."
    That's the spirit.

    No one's answered the question yet, so after a very quick google I found this: Configuring Terminal Servers for Server Authentication to Prevent “Man in the Middle” Attacks. Not necessarily the last word, but it's recent-ish and item 2b (pointing to KB895433) is the 2K3 update I had in mind.

    And again with 2K8 you just run RDP over TLS with all that security stuff to play with. The only downside, as ever, is the client boxes: If they're "yours", locked down and configured nicely before they get home it's not too bad, otherwise..
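
An added example (not written by any poster in this thread): a Python check an administrator can run against their own terminal server to see whether it negotiates TLS and whether it still accepts legacy RDP security, the configuration post #19 says cannot be taken for granted. The negotiation constants follow MS-RDPBCGR; `sample_reply`, `audit` and `probe` are names made up for this example, and the sample replies are constructed.

```python
import socket
import struct

# Negotiation values from the RDP connection sequence (MS-RDPBCGR).
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP/NLA over TLS"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER"}

def _frame(code, src_ref, neg):
    """Wrap an optional 8-byte negotiation block in X.224 and TPKT headers."""
    x224 = struct.pack(">BBHHB", 6 + len(neg), code, 0, src_ref, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def build_request(requested=1):
    """Connection Request with an RDP_NEG_REQ (0 = legacy only, 1 = TLS)."""
    return _frame(0xE0, 0, struct.pack("<BBHI", 0x01, 0, 8, requested))

def sample_reply(kind=None, value=0):
    """Constructed Connection Confirm for offline use (not captured traffic)."""
    neg = b"" if kind is None else struct.pack("<BBHI", kind, 0, 8, value)
    return _frame(0xD0, 0x1234, neg)

def parse_response(data):
    """Return (tls_in_use, detail) for the server's X.224 Connection Confirm."""
    if len(data) < 11 or data[0] != 3 or data[5] != 0xD0:
        raise ValueError("not a TPKT/X.224 Connection Confirm")
    neg = data[11:struct.unpack(">H", data[2:4])[0]]
    if len(neg) < 8:  # no negotiation block: server predates TLS support
        return False, PROTOCOLS[0]
    kind, _flags, _size, value = struct.unpack("<BBHI", neg[:8])
    if kind == 0x02:  # RDP_NEG_RSP: the server picked a protocol
        return value in (1, 2), PROTOCOLS.get(value, "protocol %#x" % value)
    if kind == 0x03:  # RDP_NEG_FAILURE: codes 1 and 5 mean TLS is mandatory
        return value in (1, 5), "refused: " + FAILURES.get(value, str(value))
    raise ValueError("unknown negotiation block type %#x" % kind)

def audit(reply_to_tls, reply_to_legacy):
    """Classify a server from its replies to a TLS and a legacy-only request."""
    if not parse_response(reply_to_tls)[0]:
        return "no TLS"
    refused = parse_response(reply_to_legacy)[1].startswith("refused")
    return "TLS enforced" if refused else "TLS optional (legacy still accepted)"

def probe(host, requested, port=3389, timeout=5):
    """Send one connection request to a server you administer; return the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(requested))
        return s.recv(1024)
```

Run `audit(probe(host, 1), probe(host, 0))` against a server you administer. A "TLS enforced" result only protects users whose clients actually check the server certificate, which is the server-authentication setup the article linked in post #21 covers.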
