[unisog] Remote Access to Staff Desktops

Alex Keller alkeller at sfsu.edu
Thu Feb 19 02:39:26 GMT 2009

hi Tim and Unisog,

in the past we have supported Microsoft RDP/TS and Apple Remote
Desktop for staff/faculty at home connection to an office computer but
have found this opened the floodgates to support demands and potential
security issues we were not prepared to handle on a larger scale.
instead we now offer a Cisco-based VPN service that authenticates
staff and faculty using their email account and then allows them
access to our file servers (via a secondary login to a CIFS/SMB
share). while perhaps not as convenient as remote access to their
office desktop, we find most users are able to accomplish their work
with this setup. couple of other thoughts if you are going to support
remote desktop for end users:

* it probably isn't recommended to have tcp port 3389 (Microsoft
TS/RDP), udp 3283 (Apple Remote Desktop), or any other remote desktop
service directly exposed to the public internet. mandating a VPN
connection to use remote desktop may be your best bet for that extra
layer of protection.

* force sufficiently complex passwords for all user accounts

* network bandwidth may be an issue if you have a lot of remote
desktop connections and only limited throughput on your campus
connection or VPN terminator.

* don't allow any sort of remote desktop that doesn't properly encrypt
the authentication sequence; no 'vanilla' VNC for example.

Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller at sfsu.edu

Tim Lane wrote:
> Hi All,
> We are receiving an increasing number of requests from staff to remotely
> access their desktops, for a variety of reasons.
> I would be interested in hearing if any other Universities allow this,
> and if so how you are providing secure access, or if you have any
> thoughts/comments on the matter.
> Thanks,
> Tim
> Tim Lane
> Information Security Program Manager
> Southern Cross University
> Ph (02) 6620 3290
> Mobile 0418 248 571

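An added example, not part of the original message or thread: a small audit of perimeter allow rules that flags any rule letting tcp 3389 (Microsoft TS/RDP) or udp 3283 (Apple Remote Desktop) in from a source outside the VPN client pool, which is the check implied by the "mandate a VPN" advice above. The rule format, the `VPN_POOL` range and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Remote-desktop services named in the post: (protocol, port) -> label
REMOTE_DESKTOP = {
    ("tcp", 3389): "Microsoft TS/RDP",
    ("udp", 3283): "Apple Remote Desktop",
}

# Assumption: address pool handed to VPN clients (constructed value)
VPN_POOL = ipaddress.ip_network("10.99.0.0/16")

# Constructed sample in a simplified format: "proto source port[-port]"
SAMPLE_RULES = """\
# perimeter allow rules (constructed example)
tcp 0.0.0.0/0 443
tcp 0.0.0.0/0 3389
udp 10.99.0.0/16 3283
tcp 10.99.4.0/24 3389
udp 192.0.2.0/24 3000-4000
tcp 10.0.0.0/8 3389
"""

def parse_rule(line):
    """Return (proto, source network, low port, high port) for one rule."""
    proto, src, ports = line.split()
    lo, _, hi = ports.partition("-")
    return proto.lower(), ipaddress.ip_network(src), int(lo), int(hi or lo)

def audit(rules_text, vpn_pool=VPN_POOL):
    """List (line number, service, source) for remote-desktop exposure."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        proto, src, lo, hi = parse_rule(line)
        for (rd_proto, rd_port), label in REMOTE_DESKTOP.items():
            # A port range that merely covers the port still exposes it, and
            # a source wider than the VPN pool (a supernet) is not "VPN only".
            if proto == rd_proto and lo <= rd_port <= hi \
                    and not src.subnet_of(vpn_pool):
                findings.append((lineno, label, str(src)))
    return findings

if __name__ == "__main__":
    for lineno, label, src in audit(SAMPLE_RULES):
        print(f"line {lineno}: {label} reachable from {src}")
```

The port-range rule and the `10.0.0.0/8` rule are the cases a plain search for "3389" or a loose "internal address" test would miss.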