Re: remote desktop question

[Austin Murkland <amurkland () merydion com>]

make sure nothing but what's essential is running, use microsoft 
baseline security analyzer to give you a basic idea of how secure the MS 
sides of things are, make sure it's patched as fully as possible, run 
iis lockdown if you plan to have or not to have iis services on the 
computer.  i believe xp pro limits you to a max of 2 users without 
additional terminal services licenses (if you can even purchase more..) 
only have port 3899 open (RDP) if you can get away with it.  Log all 
in/out connections, and Log all traffic attempting to hit the box.  Only 
give out a user account with limited access and a difficult to 
guess/bruteforce password.  You might even want to setup a time based 
policy on your firewall to allow access only during off hours (or when 
the RDP traffic is likely to occur).  Make sure you have auditing for 
logons/invalid logons turned on so attempts, etc..show up in the system 
log...hmm i think that's a good start.

anyone else?

Austin Murkland


cc wrote:
> Dear All,
>
> The company I work with recently required a remote desktop access and
> to keep the budget down, I used a XP Pro system to receive only one
> Remote Desktop user.
>
> Since this requires the opening up of a port on the firewall,
> I'm quite concerned.  I have limited the system to only one or
> two users who can log on.   Since this is my initial foray
> into the remote desktop client (in the past, we used PCAnywhere,
> but it's getting more and more expensive(hard to justify
> purchasing a license for each system).
>
> In what ways can I protect the remote desktop system from
> being broken into?  (Well, aside from shutting it down.)
>
> Any pointers appreciated.
>
> Edmund
>
>
>
>
>
>