SSL VPN
From: Ken (SHIELDSIT)
13 Aug 2013 22:40
To: Dan (HERMAND)
3 of 7
40639.3
In reply to
40639.2
We use RDP, but they have to connect with the VPN first. When I first got here they had RDP wide open; I caught a hacker on one of the servers sending spam with a bunch of scripts. Since then I'm really paranoid about letting any connections without a VPN tunnel.
I suppose Remote App would open that possibility back up too. Or I could assign RDP to a peculiar port, but wouldn't a port scan just make it possible to figure out which one I've used?
From: Mizzy
14 Aug 2013 08:35
To: Ken (SHIELDSIT)
4 of 7
40639.4
In reply to
40639.3
SSL VPN tunnels are a little more processor intensive than the traditional IPsec tunnels, but in practice I've not noticed much difference from a user perspective apart from reduced 'my vpn isn't working' calls; you just need to be a bit more generous when speccing up the VPN server.
Opening RDP on a high port isn't a good idea; as you say, all they need to do is run a portscan (devil) and they've found it and you're back to square one.
You might want to look at using a 'portal' model where the user visits an SSL-protected website and then there's an HTML5 or similar 'RDP session in a browser'.
A couple of the products I've used are Sophos UTM (formerly Astaro Security Gateway) and Juniper Netscreen SA series; the Sophos boxes are slightly cheaper than the SA but the SA is definitely better.
Or you could buy a server, run up your favourite distro and fire up an OpenVPN server: slightly more work but essentially free and secure (it's OpenVPN inside the Sophos box anyway :-D ).
From: Dan (HERMAND)
14 Aug 2013 21:07
To: Ken (SHIELDSIT)
5 of 7
40639.5
In reply to
40639.3
Sounds like you just need RDS Web Access etc, really.
From: Wattsy (SLAYERPUNX)
15 Aug 2013 14:25
To: Ken (SHIELDSIT)
6 of 7
40639.6
In reply to
40639.1
Or you could look at our workspace product (shameless plug).
Pick up all your hosted applications and host them on a web front end securely.
From: Ken (SHIELDSIT)
15 Aug 2013 16:51
To: Wattsy (SLAYERPUNX)
7 of 7
40639.7
In reply to
40639.6
That's what Remote App does. I had it working at one point but was trying to make it only use a specific WAN and broke it. I need to make time to look at it again.