Educause Security Discussion mailing list archives

Re: RDP and Campus Computers


From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Wed, 7 Nov 2007 13:12:04 -0500

Interesting. We did something similar.

We moved to a terminal service server (only 5 or so concurrent users at
any one time so performance is not a concern at this point).

We let them access it either over SSL or IPSec. We really only advertise
the IPSec because even though you have to install it on the end machine
it is more comfortable for the end user (Cisco application access is
still kind of clunky). The IPSec only allows access to the TermServer -
or special access based on specific request/approval.

I saw someone else responded with how to disable your clipboard. I was
looking for this answer as well.

But I also have a question for the list on this topic.  The only real
complaint we have at this point is when users want to print a document
to their home computers. I think this is a bad idea in many ways but I
am being told I should look into if/how this can be done because a
"business process control" can/should keep them from printing the "bad"
document rather than a technical control that keeps everyone from
printing anything to their home computer.

What does the list think about this in general? And what about solutions
using IPSec or SSL VPN and/or terminal services?

_________________________
Thank you,
Gregory R. Scholz
Director of Telecommunications
Information Technology Group
Keene State College
(603)358-2070
 
--Lead, follow, or get out of the way. 
(author unknown)
 
-----Original Message-----
From: Carroll, John [mailto:carrolljw () LONGWOOD EDU] 
Sent: Wednesday, November 07, 2007 11:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] RDP and Campus Computers

We at Longwood have been trying to find a solution that would allow our
faculty and staff to work from home while preventing them from
downloading or storing potentially sensitive data on their personal
computers. One solution that we are favoring is leveraging our SSL VPN
Cisco client with the Remote Desktop to the user's office computer. The
issue with that appears to be the clipboard "cut and paste", which
allows you to essentially copy data from work to your personal computer.
To further aggravate, the option to enable and disable this feature
appears to be with the client side (home user). I have not had much luck
finding a solution on the web to disable the "cut and paste"
(rdpclip.exe) permanently. It is a Windows protected file.

Has anyone attempted to do this and found the same issue or perhaps a
solution, or do we need to find an alternative method and give up on
RDP?


Any suggestions or advice would be most welcome.


John Carroll
Information Security Office
Longwood University
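
The clipboard toggle discussed in this thread sits in the RDP client, but the host being connected to can enforce redirection policy regardless of what the client selects. The following is an added example, not part of the original messages: a PowerShell audit-and-enforce sketch for the host-side Terminal Services policy values. The function names and the default choice of which channels to block are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run elevated on the RDP host
# (the office PC or the terminal server), not on the home computer.
# Values under this policy key are enforced by the host and take
# precedence over the checkboxes in the user's RDP client.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy value name -> redirection channel it blocks when set to 1
$Redirections = [ordered]@{
    fDisableClip = 'Clipboard (cut and paste)'
    fDisableCdm  = 'Client drives'
    fDisableCpm  = 'Client printers'
}

# Report the current state of each channel (hypothetical helper name).
function Get-RdpRedirectionPolicy {
    foreach ($name in $Redirections.Keys) {
        # A missing key or value yields $null, meaning "not configured".
        $value = (Get-ItemProperty -Path $PolicyKey -Name $name `
                    -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Value   = $name
            Channel = $Redirections[$name]
            Setting = $value
            Blocked = ($value -eq 1)
        }
    }
}

# Block the named channels (hypothetical helper name). The default leaves
# printer redirection alone, since whether to allow home printing is the
# open policy question in this thread; add 'fDisableCpm' to block it too.
function Set-RdpRedirectionPolicy {
    param([string[]]$Disable = @('fDisableClip', 'fDisableCdm'))
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $Disable) {
        if (-not $Redirections.Contains($name)) {
            throw "Unknown policy value: $name"
        }
        Set-ItemProperty -Path $PolicyKey -Name $name -Value 1 -Type DWord
    }
}

Set-RdpRedirectionPolicy
Get-RdpRedirectionPolicy | Format-Table -AutoSize
```

On domain-joined machines these values are normally set through Group Policy ("Do not allow clipboard redirection" and its sibling settings) rather than by editing the registry directly, and a domain policy refresh can overwrite local changes.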
