+ Post New Thread
Results 1 to 11 of 11
Windows Server 2008 R2 Thread, most secure way to remote access a single dc with no vpn in Technical; Any suggestions on the best/most secure way to access a single dc over the internet? They have no budget to ...
  1. #1

    Join Date
    Apr 2011
    Posts
    52
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    most secure way to remote access a single dc with no vpn

    Any suggestions on the best/most secure way to access a single dc over the internet?

    They have no budget to spend so buying a vpn gateway is out of the question. Their current isp router can do nothing more than forward the connection to the server.

    Forwarding a random port for a remote desktop connection to the server seems to be my only option.

    Any thoughts?

  2. #2
    jamesreedersmith's Avatar
    Join Date
    Sep 2009
    Location
    Ruskington
    Posts
    1,140
    Thank Post
    77
    Thanked 251 Times in 225 Posts
    Rep Power
    76

  3. #3
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Terminal services with rd gateway to encrypt the session.

  4. #4
    Zenden's Avatar
    Join Date
    Mar 2009
    Location
    Manchester
    Posts
    154
    Thank Post
    70
    Thanked 32 Times in 25 Posts
    Rep Power
    16
    i second the shout for TSGateway!

  5. #5

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498
    I second LogMeIn - lot less hassle than TSGateway, plus is secure
    2 Tier authentication (LMI account as well as the Domain Account to connect to the PC)
    I can get onto all my servers via a single LMI (Free) account
    If you can afford a LMI Pro account then this also gives you File Transfer, event logs, etc..

    All you need to do is install a client on the server(s) - also, AFAIK, this will only talk to the originating LMI account so no-one else can get into it..

  6. #6

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,774
    Thank Post
    1,469
    Thanked 590 Times in 442 Posts
    Rep Power
    168
    +1 Logmein.

    Si

  7. #7
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,419
    Thank Post
    507
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    TeamViewer also, the free account everything is encrypted you get file transfer and remote input disable - On the free account the college have all the servers including all the off site ones and a few Admin machines.

  8. #8


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,706
    Thank Post
    220
    Thanked 2,615 Times in 1,926 Posts
    Rep Power
    777

  9. #9

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,675
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    Quote Originally Posted by cpjitservices View Post
    TeamViewer also, the free account everything is encrypted you get file transfer and remote input disable - On the free account the college have all the servers including all the off site ones and a few Admin machines.
    A minor wrinkle, doesn't that violate the T&C's? I looked at TeamViewer and you can only use it for free if you are using it for home personal use as per the FAQ

  10. #10

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,617
    Thank Post
    49
    Thanked 448 Times in 331 Posts
    Rep Power
    136
    Apart from the T&C's Teamviewer has the habit of getting the "Suspected Commercial Use" error then you are reduced to 5mins use before it bumps you out!

    Can you install Logmein Free on a server?

    RDP is encrypted end to end anyway, your real danger is that there is no account lockout on the domain admin account!
    Tools like TSGrinder will run 24/7 against you and an en mass attack whilst it may never break your highly complex Admin password could result in a DOS situation so without Intrusion protection or another defence in front of the RDP session may be considered reckless.

    It certainly wouldn't be permissible under PCI compliancy and has a lot of DP consequences should you get hacked.

    If you have no budget for this and you do it without the permission or knowledge of your principle you could be in deep trouble later.
    You are not alone I know of several schools that despite investing in decent gateway solutions still insist on opening 3389 or an alternate Port Forward directly to servers.... You just cant help some people.

  11. #11

    Join Date
    Apr 2010
    Posts
    2,009
    Thank Post
    81
    Thanked 184 Times in 153 Posts
    Rep Power
    68
    open vpn active server comes with 2 free concurrent connections but is only a few pounds to add more and comes in a pre built vm appliance. That way you have a full vpn setup without the cost or hassle and you get all your drives / printers mapped.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 7
    Last Post: 16th March 2011, 08:30 AM
  2. Secure Site Access
    By zippo in forum Wireless Networks
    Replies: 4
    Last Post: 13th December 2010, 10:14 PM
  3. Remote access / VPN
    By steveg in forum Wireless Networks
    Replies: 3
    Last Post: 1st March 2010, 08:26 AM
  4. Secure Remote desktop connection
    By djsmiler in forum Mac
    Replies: 1
    Last Post: 12th August 2009, 11:36 AM
  5. ISA Server 2006 Remote VPN
    By Michael_84 in forum Wireless Networks
    Replies: 0
    Last Post: 19th February 2008, 05:41 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •