[unisog] Windows Remote Desktop Client

Bill Martin bmartin at luc.edu
Mon Mar 31 18:26:37 GMT 2003


We here at LUC have experienced a similar progression, although we have not hit the upper limit of our VPN.  

As far as Remote Desktop, we really did not have to struggle with with.  Kill 3389 at the front door :-).  Although there are workarounds for this, most people do not have the technical knowledge, nerve, or desire to work around it.  Those that do, usually (not always) have enough common sense to tighten up the box.

Reality of the matter is, the port is configurable and much like any other service that can be changed, you might have to develop a tight, and well communicated policy when it comes to RD.
-bill-



>>> Dax <dax at resnet.ucsb.edu> 03/31/03 11:52AM >>>

	Last year here at UCSB, we deployed a firewall solution that gave
us the capability to do VPN connections...which of course *everyone*
suddenly wanted - even those who had no clue what a VPN was, or why they
might need it.  Initially, we gave the client installer to everyone who
asked...however at some point, it dawned on management that this might not
be the best policy, since as you mentioned, we (admins) have little to no
control over the home environment (at least on privately owned
computers).
	After outlining the multitude security holes and problems I
would potentially face, it was finally agreed that we would rescind the
VPN client, and instead offer it internally to IS staff members only.
	Not the same as RDC, I know, but you face many similar issues.  I
like our new policy much better ;)

/Dax

On Mon, 31 Mar 2003, Ed Gibson wrote:

> Hello all...
> 
> The influx of Windows XP into our domain has increased the number of
> faculty and staff wanting to access their at work desktops from home
> via Microsoft RDC.
> 
> This of course opens and huge can of worms as far as security is
> concerned. How secure is the at home computer? Are proper complex
> passwords protecting the access to the RDC desktop? etc.
> 
> I have asked our Windows guru's questions about logging, brute force
> password attacks, how do we protect administrator privileged accounts?
> And am still awaiting their reply's.
> 
> It occurred to me that we can't be the only institution struggling with
> this issue and that a question to Unisog as to how other institutions
> are dealing with the issue might be enlightening.
> 
> Thanks
> 
> Ed Gibson
> University of Western Ontario
> Network Operations
> 
> 
> 




More information about the unisog mailing list