Re: Remote Acceses Policies - VPN vs Desktop Access

[Jeff Kell <jeff-kell () UTC EDU>]

On 3/25/2010 1:39 PM, Flynn, Gary wrote:
> Do you place any restrictions on remote access to desktops if they're coming
> through your VPN? For example, Windows Remote Desktop, VNC, PC Anywhere, SSH, 
> X Windows, etc.? Or perhaps not through your VPN (GoToMyPC.com, LogMeIn.com, etc.)? 
> (Am I missing any major ones?) 

We try to encourage the use of non-standard ports for RDP and SSH, though we've been a
bit lax on VNC/Apple Remote Desktop.

Typical desktops are not accessible off-campus (default-deny firewall and NAT), VPN has
been used to "obtain access".  For those that do open remote desktop, we suggest scoping
the firewall exception, and provide information to scope the VPN IP pool.

We have provided some vendor access to servers hosting third-party applications (remote
support) rather than going VPN.  In these cases we require a source IP [range] and
destination, and only permit firewall traversal for that window.

Jeff