Solved

Substitutes for Rdp (to remote from Windows to Linux)

Posted on 2016-09-02
12
34 Views
Last Modified: 2016-09-10
Can anyone suggest any freewares that enables Windows users to 'Rdp' into a
Linux (say RHEL or Ubuntu)?

Ideally it
a) supports encryption &
b) allows me to do copy/paste between the Windows & the Linux
0
Comment
Question by:sunhux
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 110 total points
ID: 41782052
Linux with X windows on it or to a command shell?
If running X windows then an X11 client on windows.
If to the command prompt then putty.exe and use ssh to connect.
0
 
LVL 5

Accepted Solution

by:
TechieMD earned 280 total points
ID: 41782053
x2go is probably your best bet. The link provided gives detailed installation and configuration instructions as well.
0
 
LVL 36

Assisted Solution

by:ArneLovius
ArneLovius earned 110 total points
ID: 41782795
There is a free X11 server for windows xming http://www.straightrunning.com/XmingNotes/

X11 over SSH is as secure as SSH (very)

However, I also use xrdp http://www.xrdp.org/ to provide access to a Linux desktop over RDP using just the native RDP client on Windows, and will usually have better performance in a WAN environment.

VNC is another option
0
 

Author Comment

by:sunhux
ID: 41782875
My intention is to set up a Linux laptop/PC in each dept so that users in each
dept could remote into their respective dept's Linux to browse Internet.

We have been hit by ransomware & malwares when users' Windows PCs
browse internet or they click on URL given in the email.

Not command prompt as don't want users to fiddle with Unix commands.
Thanks for the solutions;  ideally once user remote into the Linux, they
can auto launch a browser or they can paste the URL from their Windows
Outlook email into the browser.

Thing is I'm concerned with files transfer from the Linux back to their
Windows esp if the files downloaded are 'infected'
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 41782921
A nice idea, but how will you stop people from just running a browser on their own computer ?

The better solution is to reduce your attack surface.

Do any of your users run as Local Admin ? or Power Users ?

What anti-virus/ant-malware do you run ?

Have you looked at solutions such as cryptoprevent ?

have you thought about reversing your idea, have everyone with Linux desktops and access a locked down RDS server for Windows applications ?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 110 total points
ID: 41782961
"A nice idea, but how will you stop people from just running a browser on their own computer ?"

Block port 80/8080/443 etc from EVERYWHERE except allowed machines maybe?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:sunhux
ID: 41783037
>how will you stop people from just running a browser on their own computer ?
Yes, block the 3 ports or we use our proxy to block users & only a few selected
'highly' trusted sites could be allowed.

PCs/laptops that access prod servers are blocked completely from accessing Internet

Our users don't hv Admin nor Power Users rights
0
 

Author Comment

by:sunhux
ID: 41783040
Thing is there is very much less malwares & crypto that run on Linux:
I have 2 ex-colleagues who run their laptops on RHEL while a couple of
kids on MAC OSX : they never need to have any AV on their laptops
& never get into AV issues even though the kids use their MACs to
watch movies at  highly malicious sites like gooddrama.net

Fireeye also told me in their IOC assessment & engagement, they only
look at Windows : I've personally seen malwares/viruses uploaded to
UNIX/RHEL servers but they do nothing there as they can't execute
nor exploit
0
 

Author Comment

by:sunhux
ID: 41783041
> malwares/viruses uploaded to UNIX/RHEL servers
I mean malwares/viruses that attack Windows but not UNIX
0
 

Author Comment

by:sunhux
ID: 41783044
> The better solution is to reduce your attack surface.
We have been using a top-brand proxy that auto-updates malicious sites from
their intelligence site, plus a Network IPS (from a top vendor) plus AV in our
PCs/laptops : still get infected
0
 

Author Comment

by:sunhux
ID: 41783047
Users using Linux Desktop : I'm afraid that's too big a change for them:
they are used to MS Office & Outlook & some their apps clients
(like SAP & Citrix etc etc).

For tech/IT staff, maybe but not for users
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 41783078
sounds like your firewall is capable

if you're still seeing infections when people are not local admins, and you have a filtering proxy and AV, then I would suggest that one or both is not configured correctly, I not infrequently see AV installed, but effectively not working, the most frequent is people that whitelist directories (or the whole C: drive)  "for performance"...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have, haven't wanted…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now