Re: Remote Web Workplace security

[barcajax () gmail com]

You're not paranoid... you're using your brain that's all. Not tunnelling RDP through a VPN tunnel would require you to 
allow incoming RDP connections through your corporate perimeter firewall. People scanning your firewall would be able 
to discover that RDP is allowed and start targetting those RDP-enabled servers/workstations. RDP has had a history of 
vulnerabilities. Found two references from M$'s website for your review.
http://www.microsoft.com/technet/security/advisory/904797.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx

Using VPN is the right strategy because you can apply access control to ensure that your users authenticate first 
before connecting to servers they are authorised to via RDP.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------