Home page logo
/

basics logo Security Basics mailing list archives

Re: Remote Web Workplace security
From: barcajax () gmail com
Date: 4 Mar 2006 08:58:19 -0000

You're not paranoid... you're using your brain that's all. Not tunnelling RDP through a VPN tunnel would require you to 
allow incoming RDP connections through your corporate perimeter firewall. People scanning your firewall would be able 
to discover that RDP is allowed and start targetting those RDP-enabled servers/workstations. RDP has had a history of 
vulnerabilities. Found two references from M$'s website for your review.
http://www.microsoft.com/technet/security/advisory/904797.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx

Using VPN is the right strategy because you can apply access control to ensure that your users authenticate first 
before connecting to servers they are authorised to via RDP.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]