Educause Security Discussion mailing list archives
Re: Remote Acceses Policies - VPN vs Desktop Access
From: Vik Solem <vik.solem () TUFTS EDU>
Date: Thu, 25 Mar 2010 14:45:05 -0400
On Mar 25, 2010, at 13:39 , Flynn, Gary wrote:
Do you place any restrictions on remote access to desktops if they're coming through your VPN? For example, Windows Remote Desktop, VNC, PC Anywhere, SSH, X Windows, etc.? Or perhaps not through your VPN (GoToMyPC.com, LogMeIn.com, etc.)? (Am I missing any major ones?)
Following a particularly rough attack which used RDP (TCP/3389) at a control channel, we put a rule at the border which stops all TCP/3389 inbound. (I'm not sure if the dorms are included, but I think they might be.) This forces people to use the VPN for access to thing that use RDP on port TCP/3389. This doesn't prevent people from using non-standard ports, but it does protect most of the people who use RDP daily. -Vik Vik Solem Sr. Applications Risk Consultant Information Security Tufts University UIT / 617-627-4326 Check Out the UIT Information Security Team blog http://blogs.uit.tufts.edu/infosecteamblog/
Current thread:
- Remote Acceses Policies - VPN vs Desktop Access Flynn, Gary (Mar 25)
- <Possible follow-ups>
- Re: Remote Acceses Policies - VPN vs Desktop Access Vik Solem (Mar 25)
- Re: Remote Acceses Policies - VPN vs Desktop Access Witmer, Robert (Mar 25)
- Re: Remote Acceses Policies - VPN vs Desktop Access Flynn, Gary (Mar 25)