Solved

Remote desktop

Posted on 2004-08-10
3
234 Views
Last Modified: 2010-04-08
Hello, i have a question regarding remote desktop and security.

Is setting up a server for remote desktop connections over the internett a smart thing to do when the company has lots of
business secrets? Is it smart in any case? How easy would it be for a hacker to get into the system?

Dont know if this is the right forum ....

thanks

0
Comment
Question by:daxa78
3 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 250 total points
ID: 11762849
I would not expose terminal services directly on the internet, that is not a good thing to do. An open port directing itself automaticly to a machine awaiting authentication should not be done.

I would put it inside the firewall, and the client  would have to log in the network using VPN first. After using remote desktop would be ok
0
 
LVL 36

Expert Comment

by:grblades
ID: 11765777
Hi daxa78,
I agree with Yan_West that it would be a bad idea. I would only consider doing it if I only permitted specific IP addresses.
Something like a PIX 501 is quite cheap. If you want something that is free but a little complicated to setup on windows clients then you could connect to an internal Linux machine via SSH and use tunneling to connect to the terminal server.
0
 
LVL 3

Expert Comment

by:yokel
ID: 11767791
All good advice. Also what exactly do you want to achieve?
For instance allowing encrytpted and authenticated access is obviously an absolute must, especially if the internal server contains senstive company information.
Therefore only allow access from certain IP addresses.
Encrypt the connection
Authenticate the session (passwords and/or certificates)

Also consider putting the server onto a DMZ by itself. Then if the server is compromised (either by a trusted user, or someone who has hacked on), they still do not have access to your internal LAN. Remember if this server is on your trusted LAN then anyone with terminal access to the server has complete access to your LAN with no firewall protection (as they will be logged onto a machine behind your network).
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now