Solved

Remote desktop

Posted on 2004-08-10
3
249 Views
Last Modified: 2010-04-08
Hello, i have a question regarding remote desktop and security.

Is setting up a server for remote desktop connections over the internett a smart thing to do when the company has lots of
business secrets? Is it smart in any case? How easy would it be for a hacker to get into the system?

Dont know if this is the right forum ....

thanks

0
Comment
Question by:daxa78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 250 total points
ID: 11762849
I would not expose terminal services directly on the internet, that is not a good thing to do. An open port directing itself automaticly to a machine awaiting authentication should not be done.

I would put it inside the firewall, and the client  would have to log in the network using VPN first. After using remote desktop would be ok
0
 
LVL 36

Expert Comment

by:grblades
ID: 11765777
Hi daxa78,
I agree with Yan_West that it would be a bad idea. I would only consider doing it if I only permitted specific IP addresses.
Something like a PIX 501 is quite cheap. If you want something that is free but a little complicated to setup on windows clients then you could connect to an internal Linux machine via SSH and use tunneling to connect to the terminal server.
0
 
LVL 3

Expert Comment

by:yokel
ID: 11767791
All good advice. Also what exactly do you want to achieve?
For instance allowing encrytpted and authenticated access is obviously an absolute must, especially if the internal server contains senstive company information.
Therefore only allow access from certain IP addresses.
Encrypt the connection
Authenticate the session (passwords and/or certificates)

Also consider putting the server onto a DMZ by itself. Then if the server is compromised (either by a trusted user, or someone who has hacked on), they still do not have access to your internal LAN. Remember if this server is on your trusted LAN then anyone with terminal access to the server has complete access to your LAN with no firewall protection (as they will be logged onto a machine behind your network).
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question