sunhux
asked on
Substitutes for Rdp (to remote from Windows to Linux)
Can anyone suggest any freewares that enables Windows users to 'Rdp' into a
Linux (say RHEL or Ubuntu)?
Ideally it
a) supports encryption &
b) allows me to do copy/paste between the Windows & the Linux
Linux (say RHEL or Ubuntu)?
Ideally it
a) supports encryption &
b) allows me to do copy/paste between the Windows & the Linux
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
A nice idea, but how will you stop people from just running a browser on their own computer ?
The better solution is to reduce your attack surface.
Do any of your users run as Local Admin ? or Power Users ?
What anti-virus/ant-malware do you run ?
Have you looked at solutions such as cryptoprevent ?
have you thought about reversing your idea, have everyone with Linux desktops and access a locked down RDS server for Windows applications ?
The better solution is to reduce your attack surface.
Do any of your users run as Local Admin ? or Power Users ?
What anti-virus/ant-malware do you run ?
Have you looked at solutions such as cryptoprevent ?
have you thought about reversing your idea, have everyone with Linux desktops and access a locked down RDS server for Windows applications ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
>how will you stop people from just running a browser on their own computer ?
Yes, block the 3 ports or we use our proxy to block users & only a few selected
'highly' trusted sites could be allowed.
PCs/laptops that access prod servers are blocked completely from accessing Internet
Our users don't hv Admin nor Power Users rights
Yes, block the 3 ports or we use our proxy to block users & only a few selected
'highly' trusted sites could be allowed.
PCs/laptops that access prod servers are blocked completely from accessing Internet
Our users don't hv Admin nor Power Users rights
ASKER
Thing is there is very much less malwares & crypto that run on Linux:
I have 2 ex-colleagues who run their laptops on RHEL while a couple of
kids on MAC OSX : they never need to have any AV on their laptops
& never get into AV issues even though the kids use their MACs to
watch movies at highly malicious sites like gooddrama.net
Fireeye also told me in their IOC assessment & engagement, they only
look at Windows : I've personally seen malwares/viruses uploaded to
UNIX/RHEL servers but they do nothing there as they can't execute
nor exploit
I have 2 ex-colleagues who run their laptops on RHEL while a couple of
kids on MAC OSX : they never need to have any AV on their laptops
& never get into AV issues even though the kids use their MACs to
watch movies at highly malicious sites like gooddrama.net
Fireeye also told me in their IOC assessment & engagement, they only
look at Windows : I've personally seen malwares/viruses uploaded to
UNIX/RHEL servers but they do nothing there as they can't execute
nor exploit
ASKER
> malwares/viruses uploaded to UNIX/RHEL servers
I mean malwares/viruses that attack Windows but not UNIX
I mean malwares/viruses that attack Windows but not UNIX
ASKER
> The better solution is to reduce your attack surface.
We have been using a top-brand proxy that auto-updates malicious sites from
their intelligence site, plus a Network IPS (from a top vendor) plus AV in our
PCs/laptops : still get infected
We have been using a top-brand proxy that auto-updates malicious sites from
their intelligence site, plus a Network IPS (from a top vendor) plus AV in our
PCs/laptops : still get infected
ASKER
Users using Linux Desktop : I'm afraid that's too big a change for them:
they are used to MS Office & Outlook & some their apps clients
(like SAP & Citrix etc etc).
For tech/IT staff, maybe but not for users
they are used to MS Office & Outlook & some their apps clients
(like SAP & Citrix etc etc).
For tech/IT staff, maybe but not for users
sounds like your firewall is capable
if you're still seeing infections when people are not local admins, and you have a filtering proxy and AV, then I would suggest that one or both is not configured correctly, I not infrequently see AV installed, but effectively not working, the most frequent is people that whitelist directories (or the whole C: drive) "for performance"...
if you're still seeing infections when people are not local admins, and you have a filtering proxy and AV, then I would suggest that one or both is not configured correctly, I not infrequently see AV installed, but effectively not working, the most frequent is people that whitelist directories (or the whole C: drive) "for performance"...
ASKER
dept could remote into their respective dept's Linux to browse Internet.
We have been hit by ransomware & malwares when users' Windows PCs
browse internet or they click on URL given in the email.
Not command prompt as don't want users to fiddle with Unix commands.
Thanks for the solutions; ideally once user remote into the Linux, they
can auto launch a browser or they can paste the URL from their Windows
Outlook email into the browser.
Thing is I'm concerned with files transfer from the Linux back to their
Windows esp if the files downloaded are 'infected'