Security Basics mailing list archives
Re: Remote desktop access policy
From: "Josh Haft" <pacmansyu () gmail com>
Date: Fri, 18 Jan 2008 15:20:58 -0600
On Jan 18, 2008 12:15 PM, Petter Bruland <pbruland () fcglv com> wrote:
The issue with that is that "important" people can't wait for a large file to transfer to their home PC, in order for them to work on it. Working via RDC is a faster and better solution for them. And when you do work from home in the evening/morning, you can disconnect when you're done, then when you get to the office and log in everything is where you left it. Well, except the days when we roll out Windows updates. Plus if a firewall/VPN setup is configured to only allow RDC traffic, I would think that's better than allowing full/partial direct server. Also with a semi locked down VPN connection only allowing RDC, I would think that the importance of a "clean" end-user machine isn't as important as if they had more access. -Petter -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jenna Sent: Friday, January 18, 2008 9:10 AM To: security-basics () securityfocus com Subject: Re: Remote desktop access policy Hi My main concern would be why they requre access to their desktop. Anything to do with the business should be on a file server to ensure it gets backed up. Users would then only need access to the server thus negating the need to leave their desktops left on. If you allow any access to your network, ensure you have a tool in place to check that their home machine has an updated AV as well as MS updates. Users will also be able to copy files to their home machine so ensure this is covered by the policy and ensure everybody is aware - you could ask people to sign a form acknowledging this. Jenna
I'd have to agree with Petter here. If you're going to open VPN for users, you're better off allowing access only to their desktops. Once they're logged in there, they would be restricted to the same access rules as when they're in the office. In addition, this negates the requirement of scanning their home PCs, since they never directly access internal sources. It's much more difficult to protect computers you never have logical/physical access to. Josh
Current thread:
- Re: Remote desktop access policy jenna (Jan 18)
- RE: Remote desktop access policy Petter Bruland (Jan 18)
- RE: Remote desktop access policy Dave Spillers (Jan 18)
- AW: Remote desktop access policy Johannes Lemmerer (Jan 18)
- Storing doc pdfs within an application or database? WALI (Jan 21)
- RE: Storing doc pdfs within an application or database? Ramsdell, Scott (Jan 21)
- RE: Remote desktop access policy Dave Spillers (Jan 18)
- RE: Remote desktop access policy Petter Bruland (Jan 18)
- Re: Remote desktop access policy Josh Haft (Jan 18)
- <Possible follow-ups>
- Re: Remote desktop access policy David Glosser (Jan 18)