Remote Terminal Services / SharePoint Servers

[Dave Koontz <dkoontz () MBC EDU>]

We are getting increased pressure to implement REMOTE (off campus access) to
Microsoft's Terminal Server, Remote RDP to users desktops as well as a new
request for a internet facing SharePoint 2007 server.  In the past, remote
campus access was only allowed via a VPN connection for approved users, but
it seems the times are changing.

As anyone in technology knows, things often times build upon one another.
Our most recent example is a task force that is examining procedures to deal
with any possible "bird-flu" pandemic...  and how as a small college we can
enable our users to work from home should the unimaginable strike.  This of
course would mean that various administrative users that currently have no
remote access would need complete access to our network from any available
PC - IMMEDIATELY.  VPN's generally require Admin rights, which starts our
journey....

The brighter on that committee then connected those dots to ask, how can we
also use this technology to enable our President, Dean, Development and
Admissions "road warriors" similar access via smart phones or internet cafe'
connections.  After all, if we are putting money into such an
infrastructure, would could at least get gains today from that investment.
They also argue that TS, RDP and SharePoint are no more of a risk than any
other service provided that all vendor patch levels are maintained.

I would appreciate any input as to how other campuses are dealing with these
issues.  While they make valid points, I know that there are unpublished
exploits for all these various services which makes me extremely nervous!
But I can't say this isn't the same case for any other external service we
offer.

Thanks in advance!

---
Dave Koontz
Mary Baldwin College
Staunton, VA