Security Basics mailing list archives
Re: remote desktop question
From: Brian Loe <knobdy () gmail com>
Date: Wed, 2 Nov 2005 16:31:41 -0600
Same rules apply. If you are giving them any kind of VPN access you're hooking them into your network, for that reason you should make sure they're running some kind of firewall - and I have much more faith in an appliance based firewall than, for instance, Windows (host) based. If you require them to get a router for their home network, odds are good it has VPN functionality (I like linksys for the most part). For traveling, and they're using laptops, you can use either Windows' client or a client that comes with your endpoint. For your endpoint I would again recommend a device as opposed to, for instance, RAS (which would require you to either open ports in your firewall or place the box directly on the Internet). If you use a cisco device (PIX or 3000 or other) they have a decent client for Mac and Windows, and one that "works" for linux. On 11/2/05, jordanpw <jordanpw () gmail com> wrote:
Thanks. Thinking more in terms of allowing users from multiple locations - home / home office etc ... Brian Loe wrote:If connecting two sites then you would use the router/firewall at each site to create the tunnel. Your performance hit will vary depending on your connection speed and what you're doing via terminal services - but for the most part my experience has been very good. SSL VPN is a very easy way to go but I've recently began question it's security. If someone can perform a MITM attack on an SSL session, why not an SSL VPN session? I don't know...just wondering.I see this advice often on this list. I work with very small businesses (200 users and below) where number of servers / firewalls / routers, and budgets for same, are very small. So I have some (very basic I'm afraid) questions on this subject: -- Is there not a slowness / performance hit when forcing users to access a Terminal Server via a VPN connection? -- This will require VPN client software on all client machines right? Or is the in-built MS VPN connection stuff considered acceptably secure in this scenario? -- Or should we look at SSL VPN for this? Thanks in advance for any feedback ...
Current thread:
- Re: remote desktop question jordanpw (Nov 02)
- Re: remote desktop question Scott C. Best (Nov 03)
- Re: remote desktop question Brian Loe (Nov 03)
- Re: remote desktop question jordanpw (Nov 03)
- Re: remote desktop question Brian Loe (Nov 03)
- Re: remote desktop question jordanpw (Nov 03)
- <Possible follow-ups>
- RE: remote desktop question Kirk Brady (Nov 03)