Security Basics mailing list archives
Re: Remote Web Workplace security
From: barcajax () gmail com
Date: 4 Mar 2006 08:58:19 -0000
You're not paranoid... you're using your brain that's all. Not tunnelling RDP through a VPN tunnel would require you to allow incoming RDP connections through your corporate perimeter firewall. People scanning your firewall would be able to discover that RDP is allowed and start targetting those RDP-enabled servers/workstations. RDP has had a history of vulnerabilities. Found two references from M$'s website for your review. http://www.microsoft.com/technet/security/advisory/904797.mspx http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx Using VPN is the right strategy because you can apply access control to ensure that your users authenticate first before connecting to servers they are authorised to via RDP. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Remote Web Workplace security davidj (Mar 03)
- Re: Remote Web Workplace security Paul Halliday (Mar 06)
- <Possible follow-ups>
- Re: Remote Web Workplace security barcajax (Mar 06)
- Re: Remote Web Workplace security ROB DIXON (Mar 08)
- Re: Remote Web Workplace security Paul Halliday (Mar 09)
- RE: Remote Web Workplace security Dana Epp (Mar 10)
- Re: Remote Web Workplace security ROB DIXON (Mar 10)