Security Basics mailing list archives

Re: Remote desktop access policy


From: "The Security Community" <thesecuritycommunity () gmail com>
Date: Fri, 18 Jan 2008 11:12:53 -0500

A PC in S3 ("standby") can Wake-On-LAN for an RDP connection.  Agreed,
that's not exactly being "turned off" but it's a lower power state
than being turned on.

Giving any user VPN access is a crapshoot.  If they could be given VPN
access _RESTRICTED_ to an RDP session to their desktop (or a Terminal
Server dedicated to VPN access), I think that would be ideal.

As for the insecurities of RDP itself, they all come down to desktop
configuration issues (blank Admin passwords, etc).  Since RDP became a
default service with XP I've only seen at most a handful of security
notices and the worst were denial of service attacks.

On Jan 18, 2008 8:33 AM, WALI <hkhasgiwale () gmail com> wrote:
Hi guys...do you have any remote desktop policy clauses that you can share?
I am having difficulties in trying to tell people the hazards of haphazardly
asking IT guys the perils of asking access to their desktops when they come
in via VPN.

Everyone wants to have a VPN client and then to a remote desktop session to
their desktop.

How can I tell them the threats of doing so? Are there any threats? Should I
restrict such usage? For one, it makes a lot of economic sense to switch off
PC once a user leaves his/her desk for the day.



