Link to home
Create AccountLog in
Avatar of sunhux
sunhux

asked on

Substitutes for Rdp (to remote from Windows to Linux)

Can anyone suggest any freewares that enables Windows users to 'Rdp' into a
Linux (say RHEL or Ubuntu)?

Ideally it
a) supports encryption &
b) allows me to do copy/paste between the Windows & the Linux
SOLUTION
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Avatar of ArneLovius
ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of sunhux
sunhux

ASKER

My intention is to set up a Linux laptop/PC in each dept so that users in each
dept could remote into their respective dept's Linux to browse Internet.

We have been hit by ransomware & malwares when users' Windows PCs
browse internet or they click on URL given in the email.

Not command prompt as don't want users to fiddle with Unix commands.
Thanks for the solutions;  ideally once user remote into the Linux, they
can auto launch a browser or they can paste the URL from their Windows
Outlook email into the browser.

Thing is I'm concerned with files transfer from the Linux back to their
Windows esp if the files downloaded are 'infected'
A nice idea, but how will you stop people from just running a browser on their own computer ?

The better solution is to reduce your attack surface.

Do any of your users run as Local Admin ? or Power Users ?

What anti-virus/ant-malware do you run ?

Have you looked at solutions such as cryptoprevent ?

have you thought about reversing your idea, have everyone with Linux desktops and access a locked down RDS server for Windows applications ?
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of sunhux

ASKER

>how will you stop people from just running a browser on their own computer ?
Yes, block the 3 ports or we use our proxy to block users & only a few selected
'highly' trusted sites could be allowed.

PCs/laptops that access prod servers are blocked completely from accessing Internet

Our users don't hv Admin nor Power Users rights
Avatar of sunhux

ASKER

Thing is there is very much less malwares & crypto that run on Linux:
I have 2 ex-colleagues who run their laptops on RHEL while a couple of
kids on MAC OSX : they never need to have any AV on their laptops
& never get into AV issues even though the kids use their MACs to
watch movies at  highly malicious sites like gooddrama.net

Fireeye also told me in their IOC assessment & engagement, they only
look at Windows : I've personally seen malwares/viruses uploaded to
UNIX/RHEL servers but they do nothing there as they can't execute
nor exploit
Avatar of sunhux

ASKER

> malwares/viruses uploaded to UNIX/RHEL servers
I mean malwares/viruses that attack Windows but not UNIX
Avatar of sunhux

ASKER

> The better solution is to reduce your attack surface.
We have been using a top-brand proxy that auto-updates malicious sites from
their intelligence site, plus a Network IPS (from a top vendor) plus AV in our
PCs/laptops : still get infected
Avatar of sunhux

ASKER

Users using Linux Desktop : I'm afraid that's too big a change for them:
they are used to MS Office & Outlook & some their apps clients
(like SAP & Citrix etc etc).

For tech/IT staff, maybe but not for users
sounds like your firewall is capable

if you're still seeing infections when people are not local admins, and you have a filtering proxy and AV, then I would suggest that one or both is not configured correctly, I not infrequently see AV installed, but effectively not working, the most frequent is people that whitelist directories (or the whole C: drive)  "for performance"...