Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Secure Remote Connections
From: Jack Daniel <jackadaniel () gmail com>
Date: Wed, 11 Aug 2010 22:17:59 -0400

My answer to most things remote-access related is OpenVPN.  Make the users
establish the VPN connection, and tunnel whatever they need through that
(don't allow any direct access to resources over the Internet).  Tie OpenVPN
authentication to your domain, add granular rules by user, and you have an
answer.  You can even let them keep their RDP autologin for now, and fight
the desktop battle later.  OpenVPN does require local admin rights on
Windows (for now, they're working on solving that), but I bet your road
warriors have admin rights on their systems.

Jack



On Wed, Aug 11, 2010 at 2:28 PM, Tyler Robinson <pcimpressions () gmail com>wrote:

Alright so after failing a recent security audit which I knew we would I
have a little bit of fire to allow me to make some corp changes one of them
being remote devices and policy. Currently there are mobile devices
unencrypted, and with cheesy passwords out on the road using unsecured RDP
to connect back to our terminal server to use apps, My question is what is
going to be an easy to roll out solution to make this situation secure I
worry that one of these devices will get stolen or sniffed and the terminal
server is on the LAN with the rest of everything , it’s a flat domain… so
how to I allow remote connections securely without allowing them to save
there stupid RDP Connection credentials(set to autologin) on an unpassworded
desktop. Any ideas or suggestions I have one year to plan, implement and
change this broken system, over about 10 corps all releated and setup the
same….

Thanks as always to everyone,

TR

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault