Security Basics mailing list archives

AW: Remote desktop access policy


From: "Johannes Lemmerer" <jlemmerer () node at>
Date: Fri, 18 Jan 2008 21:43:27 +0100

Have you ever thought about a terminal server solution? We at my company
used RSA SecurID to connect to a terminal server that enabled an RDP
connection, or to a published desktop where they could read their mails and
work online while saving the data to the company's network shares. When
setting a Citrix timeout you also have to worry less about careless users
leaving their desktop open to the public, because there is no VPN connection
to the company and the Citrix app locks itself after a given amount of time.
Would this solution be viable for you?

-- johannes

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Petter Bruland
Sent: Friday, 18 January 2008 17:00
To: WALI; security-basics () securityfocus com
Subject: RE: Remote desktop access policy

We have about 10 users here who remote into their desktops via RDC over
VPN.

And we only allow users who have home office computers/laptops owned by
the company, to connect via VPN.
Between the VPN network and the LAN, there's gateway antivirus scanning
& spyware scanning. 

So far this seems to work well, but I'd like to take advantage of
Windows Server 2008's NAC feature when that comes out, as we would gain
even more control of the end client, like checking for a client
antivirus app etc.

Hopefully we'll see some of the more l33t admins respond to your post,
with some good info about security in this situation.

-Petter

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of WALI
Sent: Friday, January 18, 2008 5:33 AM
To: security-basics () securityfocus com
Subject: Remote desktop access policy

Hi guys...do you have any remote desktop policy clauses that you can
share?
I am having difficulties in trying to tell people the hazards of
haphazardly asking IT guys the perils of asking access to their desktops
when they come in via VPN.

Everyone wants to have a VPN client and then to a remote desktop session
to their desktop.

How can I tell them the threats of doing so? Are there any threats?
Should I restrict such usage? For one, it makes a lot of economic sense
to switch off the PC once a user leaves his/her desk for the day.



