Stopping MSTSC access across VLANs
Hi All after getting my VLANs up and running with each core switch now having at least 4 redunudant links to it ;) I now turn my attention to further locking down vlans.
Now the subnets are working fine in that vlan 2 (Staff) cannot see vlan 3 (Students) and vice versa, this is good, you can however still launch mstsc (RDP) to the servers from either of these VLANS and there is a route through to the servers, there has to be !
Anyone know the best way of restricting this? Yes i kinow that you have tobe a member of the admins group to get access but if the username and password is compromised I am trying to reduce the attack window by only allowing mstsc access from within VLAN 1 only ie.e the server room, comms room, or my office.
Thanks in advance