Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Remote Terminal Services / SharePoint Servers
From: Vuong Phung <vphung () SCIENCE SJSU EDU>
Date: Thu, 11 Jan 2007 08:40:58 -0800

For years we are using the combination of SSH tunneling + XP RDP (or VNC for non-XP/Windows desktops) for remote access 
to users' desktop. We have OSX server connect to AD to provide SSH access that utilize the same account on AD that 
users use to logon to their desktops. You can find detailed setup on the client side here

http://www.angeltech.us/?RESOURCES:Technical_How_To:Remote_Desktop

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vuong Phung
Operating Systems Administrator
College of Science - Dean's Office

San Jose State University
One Washington Square
San Jose, CA 95192-0099
Duncan Hall 33

Tel 1.408.924.5056
Fax 1.408.924.5033
Web https://ncs.science.sjsu.edu/helpdesk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: Dave Koontz [mailto:dkoontz () MBC EDU]
Sent: Wednesday, January 10, 2007 4:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Remote Terminal Services / SharePoint Servers


We are getting increased pressure to implement REMOTE (off campus access) to
Microsoft's Terminal Server, Remote RDP to users desktops as well as a new
request for a internet facing SharePoint 2007 server.  In the past, remote
campus access was only allowed via a VPN connection for approved users, but
it seems the times are changing.
 
As anyone in technology knows, things often times build upon one another.
Our most recent example is a task force that is examining procedures to deal
with any possible "bird-flu" pandemic...  and how as a small college we can
enable our users to work from home should the unimaginable strike.  This of
course would mean that various administrative users that currently have no
remote access would need complete access to our network from any available
PC - IMMEDIATELY.  VPN's generally require Admin rights, which starts our
journey....
 
The brighter on that committee then connected those dots to ask, how can we
also use this technology to enable our President, Dean, Development and
Admissions "road warriors" similar access via smart phones or internet cafe'
connections.  After all, if we are putting money into such an
infrastructure, would could at least get gains today from that investment.
They also argue that TS, RDP and SharePoint are no more of a risk than any
other service provided that all vendor patch levels are maintained.
 
I would appreciate any input as to how other campuses are dealing with these
issues.  While they make valid points, I know that there are unpublished
exploits for all these various services which makes me extremely nervous!
But I can't say this isn't the same case for any other external service we
offer.
 
Thanks in advance!
 
---
Dave Koontz
Mary Baldwin College
Staunton, VA
 
 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]