Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

Remote desktop

Hello, i have a question regarding remote desktop and security.

Is setting up a server for remote desktop connections over the internett a smart thing to do when the company has lots of
business secrets? Is it smart in any case? How easy would it be for a hacker to get into the system?

Dont know if this is the right forum ....

thanks

0
daxa78
Asked:
daxa78
1 Solution
 
Yan_westCommented:
I would not expose terminal services directly on the internet, that is not a good thing to do. An open port directing itself automaticly to a machine awaiting authentication should not be done.

I would put it inside the firewall, and the client  would have to log in the network using VPN first. After using remote desktop would be ok
0
 
grbladesCommented:
Hi daxa78,
I agree with Yan_West that it would be a bad idea. I would only consider doing it if I only permitted specific IP addresses.
Something like a PIX 501 is quite cheap. If you want something that is free but a little complicated to setup on windows clients then you could connect to an internal Linux machine via SSH and use tunneling to connect to the terminal server.
0
 
yokelCommented:
All good advice. Also what exactly do you want to achieve?
For instance allowing encrytpted and authenticated access is obviously an absolute must, especially if the internal server contains senstive company information.
Therefore only allow access from certain IP addresses.
Encrypt the connection
Authenticate the session (passwords and/or certificates)

Also consider putting the server onto a DMZ by itself. Then if the server is compromised (either by a trusted user, or someone who has hacked on), they still do not have access to your internal LAN. Remember if this server is on your trusted LAN then anyone with terminal access to the server has complete access to your LAN with no firewall protection (as they will be logged onto a machine behind your network).
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now