Solved

Remote desktop

Posted on 2004-08-10
3
246 Views
Last Modified: 2010-04-08
Hello, i have a question regarding remote desktop and security.

Is setting up a server for remote desktop connections over the internett a smart thing to do when the company has lots of
business secrets? Is it smart in any case? How easy would it be for a hacker to get into the system?

Dont know if this is the right forum ....

thanks

0
Comment
Question by:daxa78
3 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 250 total points
ID: 11762849
I would not expose terminal services directly on the internet, that is not a good thing to do. An open port directing itself automaticly to a machine awaiting authentication should not be done.

I would put it inside the firewall, and the client  would have to log in the network using VPN first. After using remote desktop would be ok
0
 
LVL 36

Expert Comment

by:grblades
ID: 11765777
Hi daxa78,
I agree with Yan_West that it would be a bad idea. I would only consider doing it if I only permitted specific IP addresses.
Something like a PIX 501 is quite cheap. If you want something that is free but a little complicated to setup on windows clients then you could connect to an internal Linux machine via SSH and use tunneling to connect to the terminal server.
0
 
LVL 3

Expert Comment

by:yokel
ID: 11767791
All good advice. Also what exactly do you want to achieve?
For instance allowing encrytpted and authenticated access is obviously an absolute must, especially if the internal server contains senstive company information.
Therefore only allow access from certain IP addresses.
Encrypt the connection
Authenticate the session (passwords and/or certificates)

Also consider putting the server onto a DMZ by itself. Then if the server is compromised (either by a trusted user, or someone who has hacked on), they still do not have access to your internal LAN. Remember if this server is on your trusted LAN then anyone with terminal access to the server has complete access to your LAN with no firewall protection (as they will be logged onto a machine behind your network).
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question