Educause Security Discussion mailing list archives
Re: RDP access to Servers from computing staff workstations.
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Tue, 8 Jun 2010 13:06:06 -0400
On 6/8/2010 11:53 AM, Eme Ejike wrote:
> On the Linux/Unix/Solaris environments, we have a bastion host set up for management access to servers from our computing staff workstations. However, no infrastructure was defined for access to the Windows servers, which I am currently planning to set a structure for. I would sincerely appreciate some feedback on how management access has been set up for access to the server environment from your computing staff workstations. What model do most Security Admins within our forum gravitate towards?

We have a "standard non-standard" route for this, using SSH, RDP, or VNC (depending on the target platform) on a nonstandard port. Users are encouraged to restrict access to the relocated service port to specific IPs/subnets (we have authorized ITD staff and departmental sysadmins in predictable subnets, as well as our VPN pools). Public-facing SSH/RDP/etc. are practically nonexistent except in very special situations. Changing the ports avoids script kiddies but obviously does little against a targeted attack.

This was not done overnight, however :-) Identify your users and work with them individually to transition them to whatever method you choose.

Jeff