Educause Security Discussion mailing list archives
Re: Remote Acceses Policies - VPN vs Desktop Access
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Wed, 22 Dec 2010 14:24:36 -0500
On 3/25/2010 1:39 PM, Flynn, Gary wrote:
Do you place any restrictions on remote access to desktops if they're coming through your VPN? For example, Windows Remote Desktop, VNC, PC Anywhere, SSH, X Windows, etc.? Or perhaps not through your VPN (GoToMyPC.com, LogMeIn.com, etc.)? (Am I missing any major ones?)
We try to encourage the use of non-standard ports for RDP and SSH, though we've been a bit lax on VNC/Apple Remote Desktop. Typical desktops are not accessible off-campus (default-deny firewall and NAT), VPN has been used to "obtain access". For those that do open remote desktop, we suggest scoping the firewall exception, and provide information to scope the VPN IP pool. We have provided some vendor access to servers hosting third-party applications (remote support) rather than going VPN. In these cases we require a source IP [range] and destination, and only permit firewall traversal for that window. Jeff
Current thread:
- Re: Remote Acceses Policies - VPN vs Desktop Access Jeff Kell (Dec 22)