Educause Security Discussion mailing list archives
Re: Remote Acceses Policies - VPN vs Desktop Access
From: "Flynn, Gary" <flynngn () JMU EDU>
Date: Thu, 25 Mar 2010 15:36:15 -0400
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Vik Solem
Sent: Thursday, March 25, 2010 2:45 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Remote Acceses Policies - VPN vs Desktop Access
On Mar 25, 2010, at 13:39 , Flynn, Gary wrote:
Do you place any restrictions on remote access to desktops if they're coming through your VPN? For example, Windows Remote Desktop, VNC, PC Anywhere, SSH, X Windows, etc.? Or perhaps not through your VPN (GoToMyPC.com, LogMeIn.com, etc.)? (Am I missing any major ones?)
Following a particularly rough attack which used RDP (TCP/3389) as a control channel, we put a rule at the border which stops all TCP/3389 inbound. (I'm not sure if the dorms are included, but I think they might be.)
We don't allow any inbound TCP unless it was specifically requested so the direct channel is pretty limited.
This forces people to use the VPN for access to things that use RDP on port TCP/3389. This doesn't prevent people from using non-standard ports, but it does protect most of the people who use RDP daily.
Once they're on the VPN, do you have any restrictions to their desktop from that point? That is, can any VPN user connect to their desktop?
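The thread notes that a border block on TCP/3389 does not stop RDP moved to a non-standard port. The sketch below is an added example, not from any participant in the thread: it audits inbound flows by the first client bytes (the TPKT / X.224 Connection Request that opens an RDP session) instead of by port. The VPN pool, the flow tuple layout and the sample flows are constructed assumptions.

```python
import ipaddress
import struct

VPN_POOL = ipaddress.ip_network("10.8.0.0/16")  # assumed VPN address pool
RDP_PORT = 3389

def looks_like_rdp(payload: bytes) -> bool:
    """Heuristic: TPKT header (version 3) carrying an X.224 Connection Request.

    Other ISO-on-TCP protocols share this framing, so treat a hit as a lead
    to investigate, not as proof of RDP.
    """
    if len(payload) < 11:  # 4-byte TPKT header + 7-byte minimal X.224 CR
        return False
    version, reserved, length = struct.unpack(">BBH", payload[:4])
    is_tpkt = version == 3 and reserved == 0 and 11 <= length <= len(payload)
    return is_tpkt and (payload[5] & 0xF0) == 0xE0  # 0xE0 = Connection Request

def audit(flows):
    """Return findings for inbound flows that did not arrive through the VPN.

    Each flow is (src_ip, dst_port, first_client_payload).
    """
    findings = []
    for src, port, payload in flows:
        if ipaddress.ip_address(src) in VPN_POOL:
            continue  # arrived via the VPN: the path the border rule intends
        if port == RDP_PORT:
            findings.append((src, port, "direct TCP/3389: border rule should drop"))
        elif looks_like_rdp(payload):
            findings.append((src, port, "RDP handshake on non-standard port"))
    return findings

# Constructed sample data: a typical 19-byte RDP connection request
# (TPKT header, X.224 CR, RDP negotiation request) and a TLS ClientHello stub.
RDP_CR = bytes([3, 0, 0, 19, 14, 0xE0, 0, 0, 0, 0, 0, 1, 0, 8, 0, 3, 0, 0, 0])
TLS_HELLO = b"\x16\x03\x01\x00\xc8" + b"\x00" * 200

SAMPLE_FLOWS = [
    ("203.0.113.7", 3389, RDP_CR),    # direct RDP from outside
    ("203.0.113.9", 443, RDP_CR),     # RDP moved to another port
    ("203.0.113.9", 443, TLS_HELLO),  # ordinary TLS on the same port
    ("10.8.4.20", 3389, RDP_CR),      # RDP from a VPN client
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```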