Educause Security Discussion
mailing list archives
Re: Remote Terminal Services / SharePoint Servers
From: "Lovaas,Steven R" <Steven.Lovaas () COLOSTATE EDU>
Date: Wed, 10 Jan 2007 18:29:31 -0700
Many organizations are using SSL VPNs for this purpose. We just installed a Juniper (formerly NetScreen, formerly
Neoteris) Secure Access Server to provide more flexible remote (and wireless) access, and it includes the ability to
easily tunnel Remote Desktop/Terminal Services.
In fact, Juniper is selling a license flavor for this product that they call "ICE" - short for "In Case of Emergency",
specifically marketing to people concerned about emergency large-scale network access. It allows for short-term
exceeding of normal licensed user limits, etc.
Hope this helps,
Colorado State University
From: Dave Koontz [dkoontz () MBC EDU]
Sent: Wednesday, January 10, 2007 5:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Remote Terminal Services / SharePoint Servers
We are getting increased pressure to implement REMOTE (off campus access) to Microsoft's Terminal Server, Remote RDP to
users' desktops as well as a new request for an internet-facing SharePoint 2007 server. In the past, remote campus
access was only allowed via a VPN connection for approved users, but it seems the times are changing.
As anyone in technology knows, things oftentimes build upon one another. Our most recent example is a task force that
is examining procedures to deal with any possible "bird-flu" pandemic... and how as a small college we can enable our
users to work from home should the unimaginable strike. This of course would mean that various administrative users
that currently have no remote access would need complete access to our network from any available PC - IMMEDIATELY.
VPNs generally require Admin rights, which starts our journey....
The brighter on that committee then connected those dots to ask, how can we also use this technology to enable our
President, Dean, Development and Admissions "road warriors" similar access via smart phones or internet cafe
connections. After all, if we are putting money into such an infrastructure, we could at least get gains today from
that investment. They also argue that TS, RDP and SharePoint are no more of a risk than any other service provided
that all vendor patch levels are maintained.
I would appreciate any input as to how other campuses are dealing with these issues. While they make valid points, I
know that there are unpublished exploits for all these various services which makes me extremely nervous! But I can't
say this isn't the same case for any other external service we offer.
Thanks in advance!
Mary Baldwin College