Educause Security Discussion mailing list archives
Re: Remote Access to Staff Desktops
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 18 Feb 2009 10:36:20 -0600
In our world, we use termserv/virtual desktops and/or Citrix with low-user-rights configuration for anyone running applications that make direct database connections to our data warehouse-ish systems. The remote-desktop systems are *also* not allowed to browse the Internet. -jml John Ladwig - Minnesota State Colleges and Universities ITS Wells Fargo Place 30 7th St. E., Suite 350 St. Paul, MN 55101-7804 Email: John.Ladwig () csu mnscu edu Voice: +1.651.201.1458 Fax: +1.651.917.4731 IM: xmpp:ladwigjo () jabber its mnscu edu
David Grisham <DGrisham () SALUD UNM EDU> 2009-02-18 09:48 >>>
Is there anybody using virtual desktops through Citrix or another means for ensuring a secure workstation when remote computing/access is required? HIPAA requires the same security on workstations in the enterprise ( doesn't matter what type of workstation) as there is security for workstations accessing remotely. Cheers --grish David D. Grisham, Ph.D., CISM, CHSP Manager, IT Security, UNM Hospitals, IT Division 1650 University Blvd, S.500, Albuquerque, NM 87102>>> Timothy Payne <tpayne1 () MACALESTER EDU> 2/18/2009 7:03 AM >>> We are actually pushing away from RDP for a variety of reasons. Currently, we are moving ahead with a plan to migrate any requested applications to our Citrix solution. This also solves another of our issues, which is users storing critical data on their desktops. By moving the application to the network, we also force the data to follow to their personal or group drives. As of now, we have not encountered any programs or users that were unable to move to the new system. Tim Payne, CISSP, CCNA Network Administrator Macalester College On Wed, Feb 18, 2009 at 7:28 AM, Di Fabio, Andrea <adifabio () nsu edu> wrote:
We do provide RDP access to Faculty/Staff Desktops but the users still need to authenticate against our VPN concentrators which limit their access to TCP port 3389, DNS and a few other ports, prevents brute force attacks from the Internet, and prevent account lockouts due to brute force. We limit the ports they have access to via VPN to avoid infection of the well know and exploited MS protocols (and others) and because we do not quite trust the end user machine. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv on behalf of Tim Lane Sent: Tue 2/17/2009 23:30 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Remote Access to Staff Desktops Hi All, We are receiving an increasing number of requests from staff to remotely access their desktops, for a variety of reasons. I would be interested in hearing if any other Universities allow this, and if so how you are providing secure access, or if you have any thoughts/comments on the matter. Thanks, Tim Tim Lane Information Security Program Manager IT&TS Southern Cross University Ph (02) 6620 3290 Mobile 0418 248 571
Current thread:
- Re: Remote Access to Staff Desktops, (continued)
- Re: Remote Access to Staff Desktops Kieper, David (Feb 18)
- Re: Remote Access to Staff Desktops Gary Flynn (Feb 18)
- Re: Remote Access to Staff Desktops HALL, NATHANIEL D. (Feb 18)
- Re: Remote Access to Staff Desktops Mark Monroe (Feb 18)
- Re: Remote Access to Staff Desktops Robin Polak (Feb 18)
- Re: Remote Access to Staff Desktops Bristol, Gary L. (Feb 18)
- Re: Remote Access to Staff Desktops Brawner, David (Feb 18)
- Re: Remote Access to Staff Desktops David Grisham (Feb 18)
- Re: Remote Access to Staff Desktops Justin Dover (Feb 18)
- Re: Remote Access to Staff Desktops Consolvo, Corbett D (Feb 18)
- Re: Remote Access to Staff Desktops John Ladwig (Feb 18)
- Re: Remote Access to Staff Desktops Cal Frye (Feb 18)
- Re: Remote Access to Staff Desktops Emilio Valente (Feb 18)
- Re: Remote Access to Staff Desktops Hugh Burley (Feb 18)
- Re: Remote Access to Staff Desktops Anthony Maszeroski (Feb 18)
- Re: Remote Access to Staff Desktops Greg Francis (Feb 18)
- Re: Remote Access to Staff Desktops Stanclift, Michael (Feb 18)
- Re: Remote Access to Staff Desktops Valdis Kletnieks (Feb 19)
- Re: Remote Access to Staff Desktops Dexter Caldwell (Feb 20)
- Re: Remote Access to Staff Desktops Himes, Daniel (Feb 20)
- Re: Remote Access to Staff Desktops Hammond, Stanley (Feb 20)
(Thread continues...)