Any suggestions on the best/most secure way to access a single DC over the internet?
They have no budget to spend, so buying a VPN gateway is out of the question. Their current ISP router can do nothing more than forward the connection to the server.
Forwarding a random port for a remote desktop connection to the server seems to be my only option.
Terminal Services with RD Gateway to encrypt the session.
I second the shout for TSGateway!
I second LogMeIn - a lot less hassle than TSGateway, plus it is secure
2 Tier authentication (LMI account as well as the Domain Account to connect to the PC)
I can get onto all my servers via a single LMI (Free) account
If you can afford an LMI Pro account then this also gives you file transfer, event logs, etc.
All you need to do is install a client on the server(s) - also, AFAIK, this will only talk to the originating LMI account so no-one else can get into it.
TeamViewer also: on the free account everything is encrypted, and you get file transfer and remote input disable. On the free account the college has all the servers, including all the off-site ones, and a few admin machines.
Apart from the T&Cs, TeamViewer has the habit of getting the "Suspected Commercial Use" error; then you are reduced to 5 mins' use before it bumps you out!
Can you install LogMeIn Free on a server?
RDP is encrypted end to end anyway; your real danger is that there is no account lockout on the domain admin account!
Tools like TSGrinder will run 24/7 against you, and an en masse attack, whilst it may never break your highly complex admin password, could result in a DoS situation, so without intrusion protection or another defence in front of the RDP session it may be considered reckless.
It certainly wouldn't be permissible under PCI compliance and has a lot of DP consequences should you get hacked.
If you have no budget for this and you do it without the permission or knowledge of your principal, you could be in deep trouble later.
You are not alone. I know of several schools that, despite investing in decent gateway solutions, still insist on opening 3389 or an alternate port forward directly to servers... You just can't help some people.
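Added example, not written by any poster in this thread: the round-the-clock password guessing described above appears in the Windows Security log as runs of failed logons (event 4625) from one source address, so a forwarded RDP port can at least be watched for it. The CSV layout, sample rows and thresholds below are constructed assumptions.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export of Security-log events (not real data):
# time, event id, logon type, target account, source address
SAMPLE = """\
2024-01-10T02:00:01,4625,10,Administrator,203.0.113.7
2024-01-10T02:00:04,4625,10,Administrator,203.0.113.7
2024-01-10T02:00:09,4625,10,Administrator,203.0.113.7
2024-01-10T02:00:15,4625,3,Administrator,203.0.113.7
2024-01-10T02:00:21,4625,10,Administrator,203.0.113.7
2024-01-10T02:00:30,4625,10,Administrator,203.0.113.7
2024-01-10T08:15:00,4625,10,jsmith,198.51.100.20
2024-01-10T08:15:40,4624,10,jsmith,198.51.100.20
2024-01-10T09:00:00,4625,2,Administrator,-
"""

# 10 = RemoteInteractive (RDP); 3 = Network, which RDP failures show as with NLA
REMOTE_LOGON_TYPES = {"3", "10"}

def find_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: peak failures inside any sliding window} for sources
    that reach `threshold` failed remote logons (event 4625) within `window`."""
    recent = defaultdict(deque)  # source -> failure times still inside the window
    peaks = {}
    rows = sorted(csv.reader(text.strip().splitlines()), key=lambda r: r[0])
    for ts, event_id, logon_type, _account, source in rows:
        if event_id != "4625" or logon_type not in REMOTE_LOGON_TYPES:
            continue  # skip successes (4624) and console/local failures
        now = datetime.fromisoformat(ts)
        q = recent[source]
        q.append(now)
        while now - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[source] = max(peaks.get(source, 0), len(q))
    return peaks

if __name__ == "__main__":
    for source, peak in find_bruteforce(SAMPLE).items():
        print(f"{source}: {peak} failed remote logons within 60s")
```

A single mistyped password followed by a success (the jsmith rows) stays below the threshold, while the repeated Administrator failures from one address are flagged.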
OpenVPN Access Server comes with 2 free concurrent connections but is only a few pounds to add more and comes in a pre-built VM appliance. That way you have a full VPN setup without the cost or hassle and you get all your drives / printers mapped.