?
Solved

remote desktop solution

Posted on 2011-10-31
4
Medium Priority
?
342 Views
Last Modified: 2012-05-12
We have couple branch office in different location
Total remote user are about 15 to 20
They are using remote desktop to connect our terminal server
I am not sure this is safe because anybody could connect our terminal server if they know
public IP and user name and password.
Is there any other way to connect using remote deskop such as mac address or others ?
and Also we are willing to pay remote solution, what is most safy and popular soulation?

Thank you
0
Comment
Question by:chungsterp
  • 2
4 Comments
 
LVL 99

Accepted Solution

by:
John Hurst earned 668 total points
ID: 37059889
>>> anybody could connect our terminal server if they know public IP and user name and password.

Yes, of course.

A better way is to put an IPSec VPN router in your offices. I am not clear if the users are remote to any office or if it is just the offices you wish to connect. But assuming the latter, implement VPN between branches and that will secure it. You can also remote into such a setup . .... Thinkpads_User
0
 
LVL 6

Assisted Solution

by:jzaniewski
jzaniewski earned 668 total points
ID: 37063416
Configuring a site-to-site VPN would ensure a secure solution for your branch office. If you have telecommuters or road-warriors, you would also need to implement a client-server VPN solution.

A poor-mans solution would be to change the port number in the inbound connections by using PAT (port address translation) on your firewall.

EX: configure your firewall to except connections from port 45500 (or any high port number) and translate 45500 to 3389 using PAT.  When a user goes to connect using the RDP client, have them append :45500 to the end of the URL or IP.  such as "mydomain.com:45500" or "xxx.xxx.xxx.xxx:45500". This doesn't stop people you don't want from still getting in, but they would now need to know the port number as well.  If you have an IPS/IDS solution on the firewall, any port scans would be blocked and a scan for open ports probably wouldn't be found easily.
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 664 total points
ID: 37090959
Though I agree a proper VPN solution is the best option tsmvp has a very slick little tweak for "Customizing the Remote Desktop Connection Client" that has always impressed me, and adds some security:
http://www.wtslabs.com/Downloads/CustomRDC.zip
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 37141100
Thank you and I was pleased to assist. .... Thinkpads_User
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Working from home is a dream for many people who aren’t happy about getting up early, going to the office, and spending long hours at work. There are lots of benefits of remote work for employees.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question