Security Basics mailing list archives
Re: Remote desktop access policy
From: David Glosser <david_glosser () yahoo com>
Date: Fri, 18 Jan 2008 13:56:41 -0800 (PST)
Also, change the default port for RDP, require encryption (that's also a group policy), use an ssh tunnel if you can. Here's a web page I found: http://www.mobydisk.com/techres/securing_remote_desktop.html ----- Original Message ----
From: Dave Spillers <DSpillers () centiv com> To: Petter Bruland <pbruland () fcglv com>; jenna <jennasec-focus () yahoo co uk>; security-basics () securityfocus com Sent: Friday, January 18, 2008 3:12:48 PM Subject: RE: Remote desktop access policy I also have my users connecting and using the RDP, for very similar reasons. I also have users that are remote offices with different network/subnets Ie. We may be 192.168.1.X and they are 192.168.2.X and they can not RDP to us. There is a spot to enter the subnets that are allowed to RDP to systems on the 1.x but I can't remember where. I
know
I changed it at one point to add one of the remote offices but cant remember now where. I thought it was a group policy but cant find that any help jogging my memory would be GREAT! David S -----Original Message----- From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Petter Bruland Sent: Friday, January 18, 2008 12:16 PM To: jenna; security-basics () securityfocus com Subject: RE: Remote desktop access policy The issue with that is that "important" people can't wait for a large file to transfer to their home PC, in order for them to work on it. Working via RDC is a faster and better solution for them. And when you do work from home in the evening/morning, you can disconnect when you're done, then when you get to the office and log in everything is where you left it. Well, except the days when we roll out Windows updates. Plus if a firewall/VPN setup is configured to only allow RDC traffic, I would think that's better than allowing full/partial direct server.
Also
with a semi locked down VPN connection only allowing RDC, I would think that the importance of a "clean" end-user machine isn't as important as if they had more access. -Petter -----Original Message----- From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of jenna Sent: Friday, January 18, 2008 9:10 AM To: security-basics () securityfocus com Subject: Re: Remote desktop access policy Hi My main concern would be why they requre access to their desktop. Anything to do with the business should be on a file server to ensure
it
gets backed up. Users would then only need access to the server thus negating the need to leave their desktops left on. If you allow any access to your network, ensure you have a tool in place to check that their home machine has an updated AV as well as MS updates. Users will also be able to copy files to their home machine
so
ensure this is covered by the policy and ensure everybody is aware -
you
could ask people to sign a form acknowledging this. Jenna ----- Original Message ---- From: WALI To: security-basics () securityfocus com Sent: Friday, 18 January, 2008 1:33:18 PM Subject: Remote desktop access policy Hi guys...do you have any remote desktop policy clauses that you can share? I am having difficulties in trying to tell people the hazards of haphazardly asking IT guys the perils of asking access to their
desktops
when the come in via VPN. Everyone wants to have a VPN client and then to a remote desktop
session
to their desktop. How can I tell them the threats of doing so? Are there any threats? Should I restrict such usage? For one, it makes a lot of economic sense to switch off PC once a user leaves his/her desk for the day. ___________________________________________________________ Support the World Aids Awareness campaign this month with Yahoo! For Good http://uk.promotions.yahoo.com/forgood/
Current thread:
- Re: Remote desktop access policy jenna (Jan 18)
- RE: Remote desktop access policy Petter Bruland (Jan 18)
- RE: Remote desktop access policy Dave Spillers (Jan 18)
- AW: Remote desktop access policy Johannes Lemmerer (Jan 18)
- Storing doc pdfs within an application or database? WALI (Jan 21)
- RE: Storing doc pdfs within an application or database? Ramsdell, Scott (Jan 21)
- RE: Remote desktop access policy Dave Spillers (Jan 18)
- RE: Remote desktop access policy Petter Bruland (Jan 18)
- Re: Remote desktop access policy Josh Haft (Jan 18)
- <Possible follow-ups>
- Re: Remote desktop access policy David Glosser (Jan 18)