Educause Security Discussion mailing list archives
Re: Remote Terminal Services / SharePoint Servers
From: "Bristol, Gary L." <gbristol () OU EDU>
Date: Thu, 11 Jan 2007 10:20:37 -0600
Yes, configuring each application to tunnel thru the ssh connection would be a great increase in the support required, but what I was referring to was RDP access to the user's desktop, which has the applications running on it. RDP tunneling access is relatively easy. We also have several methods for access, such as Cisco VPN and an SSL VPN.

-----Original Message-----
From: Russell Fulton [mailto:r.fulton () AUCKLAND AC NZ]
Sent: Thursday, January 11, 2007 2:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Remote Terminal Services / SharePoint Servers

Bristol, Gary L. wrote:
> Besides the use of SSL VPN devices, which we have a couple flavors of, another option that we use are SSH Bastion hosts. I have several in place that provide different parts of the user community access to the resources they need. The hosts are Linux based and authenticate the users via Kerberos to the Microsoft AD domain controllers. This provides a very effective means of connecting securely and still having the resources on the inside available to the users and isolated from common off campus access, i.e. hackers.

We also operate ssh gateway machines (in our case protected by two factor Auth) and it is used almost exclusively by systems administration staff and the odd tech-savvy academic. The thought of getting 'ordinary' users to do this makes me rather nervous because of the support issues.

The big disadvantage that I see is that each service requires configuration in the ssh client and then the user has to do something different with each application that they want to use.

The big advantage of a decent VPN is that once the connection is established it is largely transparent to the user. Everything works just as if they are on campus -- so long as they have a nice fast DSL connection.

Currently we use Cisco VPN which works OK for the most part. I have the odd problem with the Mac client which sometimes throws its toys out of the cot declaring that it "cant initialise VPN system because there are no internet connections" at which point I give up on it and use SSH.

Russell