Educause Security Discussion mailing list archives
Re: Remote Terminal Services / SharePoint Servers
From: "Bristol, Gary L." <gbristol () OU EDU>
Date: Thu, 11 Jan 2007 00:12:36 -0600
Besides the use of SSL VPN devices, which we have a couple flavors of, another option that we use is SSH Bastion hosts. I have several in place that provide different parts of the user community access to the resources they need. The hosts are Linux-based and authenticate the users via Kerberos to the Microsoft AD domain controllers. This provides a very effective means of connecting securely and still having the resources on the inside available to the users and isolated from common off campus access, i.e. hackers.

Gary L. Bristol CISSP, RHCE
University of Oklahoma
175 Kuhlman Court
Norman, OK 73019
Office: 405-325-2236
Cell: 405-409-6406

________________________________
From: Dave Koontz [mailto:dkoontz () MBC EDU]
Sent: Wed 1/10/2007 6:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Remote Terminal Services / SharePoint Servers

We are getting increased pressure to implement REMOTE (off campus access) to Microsoft's Terminal Server, Remote RDP to users' desktops as well as a new request for an internet facing SharePoint 2007 server. In the past, remote campus access was only allowed via a VPN connection for approved users, but it seems the times are changing. As anyone in technology knows, things often times build upon one another.
Our most recent example is a task force that is examining procedures to deal with any possible "bird-flu" pandemic... and how as a small college we can enable our users to work from home should the unimaginable strike. This of course would mean that various administrative users that currently have no remote access would need complete access to our network from any available PC - IMMEDIATELY. VPNs generally require Admin rights, which starts our journey....

The brighter on that committee then connected those dots to ask, how can we also use this technology to enable our President, Dean, Development and Admissions "road warriors" similar access via smart phones or internet cafe connections. After all, if we are putting money into such an infrastructure, we could at least get gains today from that investment. They also argue that TS, RDP and SharePoint are no more of a risk than any other service provided that all vendor patch levels are maintained.

I would appreciate any input as to how other campuses are dealing with these issues. While they make valid points, I know that there are unpublished exploits for all these various services which makes me extremely nervous! But I can't say this isn't the same case for any other external service we offer.

Thanks in advance!

---
Dave Koontz
Mary Baldwin College
Staunton, VA
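
The reply above describes Linux SSH bastion hosts that authenticate against AD via Kerberos and give each part of the user community only the resources it needs. The following is an added example, not part of the original thread and not the poster's configuration: a small audit of an OpenSSH `sshd_config` that flags any user scope whose port forwarding is not pinned to named internal destinations. The group names, host name and port in the sample are constructed assumptions, and it assumes sshd performs the Kerberos check itself rather than through PAM.

```python
# Added example. Constructed sshd_config for a hypothetical bastion: group
# names, the internal host and the port are assumptions, not from the post.
SAMPLE_CONFIG = """\
PasswordAuthentication yes
KerberosAuthentication yes
AllowGroups ts-users sp-admins
AllowTcpForwarding no
AllowAgentForwarding no

Match Group ts-users
    AllowTcpForwarding local
    PermitOpen ts1.internal.example:3389

Match Group sp-admins
    AllowTcpForwarding local
"""

def parse_sshd_config(text):
    """Split into global options and per-Match options (first value wins, as in sshd)."""
    global_opts, matches = {}, {}
    current = global_opts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            current = matches.setdefault(value, {})  # block runs to the next Match
        else:
            current.setdefault(key, value)
    return global_opts, matches

def audit_bastion(text):
    """Return findings where the bastion could reach more than it was meant to."""
    g, matches = parse_sshd_config(text)
    findings = []
    if "yes" not in (g.get("kerberosauthentication", "no").lower(),
                     g.get("gssapiauthentication", "no").lower()):
        findings.append("global: Kerberos/GSSAPI authentication not enabled")
    # A Match block overrides the global section for the users it selects.
    scopes = [("global", g)] + [("Match " + c, {**g, **o}) for c, o in matches.items()]
    for name, eff in scopes:
        mode = eff.get("allowtcpforwarding", "yes").lower()  # OpenSSH default: yes
        if mode in ("yes", "all", "remote"):
            findings.append(f"{name}: AllowTcpForwarding {mode} is broader than local")
        if mode in ("yes", "all", "local") and eff.get("permitopen", "any").lower() == "any":
            findings.append(f"{name}: forwarding allowed to any destination (no PermitOpen)")
    return findings

if __name__ == "__main__":
    for finding in audit_bastion(SAMPLE_CONFIG):
        print(finding)
```

On the sample, only the `sp-admins` block is reported: it enables local forwarding without a `PermitOpen` list, so its members could tunnel to any internal address the bastion can reach.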