+ Post New Thread
Results 1 to 11 of 11
Windows Server 2008 R2 Thread, most secure way to remote access a single dc with no vpn in Technical; Any suggestions on the best/most secure way to access a single dc over the internet? They have no budget to ...
  1. #1

    Join Date
    Apr 2011
    Posts
    52
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    most secure way to remote access a single dc with no vpn

    Any suggestions on the best/most secure way to access a single dc over the internet?

    They have no budget to spend so buying a vpn gateway is out of the question. Their current isp router can do nothing more than forward the connection to the server.

    Forwarding a random port for a remote desktop connection to the server seems to be my only option.

    Any thoughts?

  2. #2
    jamesreedersmith's Avatar
    Join Date
    Sep 2009
    Location
    Ruskington
    Posts
    1,166
    Thank Post
    78
    Thanked 258 Times in 230 Posts
    Rep Power
    78

  3. #3
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Terminal services with rd gateway to encrypt the session.

  4. #4
    Zenden's Avatar
    Join Date
    Mar 2009
    Location
    Manchester
    Posts
    154
    Thank Post
    71
    Thanked 32 Times in 25 Posts
    Rep Power
    17
    i second the shout for TSGateway!

  5. #5

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,674
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499
    I second LogMeIn - lot less hassle than TSGateway, plus is secure
    2 Tier authentication (LMI account as well as the Domain Account to connect to the PC)
    I can get onto all my servers via a single LMI (Free) account
    If you can afford a LMI Pro account then this also gives you File Transfer, event logs, etc..

    All you need to do is install a client on the server(s) - also, AFAIK, this will only talk to the originating LMI account so no-one else can get into it..

  6. #6

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,821
    Thank Post
    1,476
    Thanked 593 Times in 445 Posts
    Rep Power
    168
    +1 Logmein.

    Si

  7. #7
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,490
    Thank Post
    517
    Thanked 290 Times in 266 Posts
    Rep Power
    82
    TeamViewer also, the free account everything is encrypted you get file transfer and remote input disable - On the free account the college have all the servers including all the off site ones and a few Admin machines.

  8. #8


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,026
    Thank Post
    231
    Thanked 2,699 Times in 1,994 Posts
    Rep Power
    792

  9. #9

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,678
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    Quote Originally Posted by cpjitservices View Post
    TeamViewer also, the free account everything is encrypted you get file transfer and remote input disable - On the free account the college have all the servers including all the off site ones and a few Admin machines.
    A minor wrinkle, doesn't that violate the T&C's? I looked at TeamViewer and you can only use it for free if you are using it for home personal use as per the FAQ

  10. #10

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,631
    Thank Post
    49
    Thanked 462 Times in 337 Posts
    Rep Power
    140
    Apart from the T&C's Teamviewer has the habit of getting the "Suspected Commercial Use" error then you are reduced to 5mins use before it bumps you out!

    Can you install Logmein Free on a server?

    RDP is encrypted end to end anyway, your real danger is that there is no account lockout on the domain admin account!
    Tools like TSGrinder will run 24/7 against you and an en mass attack whilst it may never break your highly complex Admin password could result in a DOS situation so without Intrusion protection or another defence in front of the RDP session may be considered reckless.

    It certainly wouldn't be permissible under PCI compliancy and has a lot of DP consequences should you get hacked.

    If you have no budget for this and you do it without the permission or knowledge of your principle you could be in deep trouble later.
    You are not alone I know of several schools that despite investing in decent gateway solutions still insist on opening 3389 or an alternate Port Forward directly to servers.... You just cant help some people.

  11. #11

    Join Date
    Apr 2010
    Posts
    2,050
    Thank Post
    83
    Thanked 188 Times in 155 Posts
    Rep Power
    84
    open vpn active server comes with 2 free concurrent connections but is only a few pounds to add more and comes in a pre built vm appliance. That way you have a full vpn setup without the cost or hassle and you get all your drives / printers mapped.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 7
    Last Post: 16th March 2011, 08:30 AM
  2. Secure Site Access
    By zippo in forum Wireless Networks
    Replies: 4
    Last Post: 13th December 2010, 10:14 PM
  3. Remote access / VPN
    By steveg in forum Wireless Networks
    Replies: 3
    Last Post: 1st March 2010, 08:26 AM
  4. Secure Remote desktop connection
    By djsmiler in forum Mac
    Replies: 1
    Last Post: 12th August 2009, 11:36 AM
  5. ISA Server 2006 Remote VPN
    By Michael_84 in forum Wireless Networks
    Replies: 0
    Last Post: 19th February 2008, 05:41 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •