Educause Security Discussion mailing list archives
Re: Remote Terminal Services / SharePoint Servers
From: Vuong Phung <vphung () SCIENCE SJSU EDU>
Date: Thu, 11 Jan 2007 08:40:58 -0800
For years we are using the combination of SSH tunneling + XP RDP (or VNC for non-XP/Windows desktops) for remote access to users' desktop. We have OSX server connect to AD to provide SSH access that utilize the same account on AD that users use to logon to their desktops. You can find detailed setup on the client side here http://www.angeltech.us/?RESOURCES:Technical_How_To:Remote_Desktop ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vuong Phung Operating Systems Administrator College of Science - Dean's Office San Jose State University One Washington Square San Jose, CA 95192-0099 Duncan Hall 33 Tel 1.408.924.5056 Fax 1.408.924.5033 Web https://ncs.science.sjsu.edu/helpdesk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: Dave Koontz [mailto:dkoontz () MBC EDU] Sent: Wednesday, January 10, 2007 4:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Remote Terminal Services / SharePoint Servers We are getting increased pressure to implement REMOTE (off campus access) to Microsoft's Terminal Server, Remote RDP to users desktops as well as a new request for a internet facing SharePoint 2007 server. In the past, remote campus access was only allowed via a VPN connection for approved users, but it seems the times are changing. As anyone in technology knows, things often times build upon one another. Our most recent example is a task force that is examining procedures to deal with any possible "bird-flu" pandemic... and how as a small college we can enable our users to work from home should the unimaginable strike. This of course would mean that various administrative users that currently have no remote access would need complete access to our network from any available PC - IMMEDIATELY. VPN's generally require Admin rights, which starts our journey.... The brighter on that committee then connected those dots to ask, how can we also use this technology to enable our President, Dean, Development and Admissions "road warriors" similar access via smart phones or internet cafe' connections. After all, if we are putting money into such an infrastructure, would could at least get gains today from that investment. They also argue that TS, RDP and SharePoint are no more of a risk than any other service provided that all vendor patch levels are maintained. I would appreciate any input as to how other campuses are dealing with these issues. While they make valid points, I know that there are unpublished exploits for all these various services which makes me extremely nervous! But I can't say this isn't the same case for any other external service we offer. Thanks in advance! --- Dave Koontz Mary Baldwin College Staunton, VA
Current thread:
- Remote Terminal Services / SharePoint Servers Dave Koontz (Jan 10)
- <Possible follow-ups>
- Re: Remote Terminal Services / SharePoint Servers Lovaas,Steven R (Jan 10)
- Re: Remote Terminal Services / SharePoint Servers Bristol, Gary L. (Jan 10)
- Re: Remote Terminal Services / SharePoint Servers Russell Fulton (Jan 11)
- Re: Remote Terminal Services / SharePoint Servers Bristol, Gary L. (Jan 11)
- Re: Remote Terminal Services / SharePoint Servers Vuong Phung (Jan 11)