RE: Remote Desktop, DMZ

Subject: RE: Remote Desktop, DMZ
Date: Thu, 26 Apr 2007 08:37:02 -0400
If you have to put a Remote Desktop enabled box in your DMZ for external
build it internally first, completely patch and lock it down. Then put it on
its own vlan in your DMZ that is firewalled. Enable extensive logging and
use a logging monitor to watch and alert on both the Windows logs and the
firewall logs. It may even be a good idea to put an IPS on that specific
VLAN in order to mitigate any potential issues that may arise from the box
being compromised.

I think putting a box in the DMZ with terminal services enabled is not the
best solution. There may be better ways to achieve what you are looking to
do. Your first statement is a question asking for verification of whether or
not a remote desktop system should be in the DMZ. I would vote no, unless
there is a strong business need for it. 

Why are you looking to put a remote desktop system in your DMZ? If this is a
client access issue, I would guess there are web-enabled solutions that are
more robust and secure than a remote desktop solution.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Edmund
Sent: Tuesday, April 24, 2007 7:16 AM
To: security-basics@securityfocus.com
Subject: Remote Desktop, DMZ

Dear All,

A Remote-Desktop system should be placed within the DMZ,
am I correct?

If that is the case, what if the Remote Desktop
system requires access to an application server; but,
this application server cannot be placed in the DMZ
because LAN users also need access to it?

I've been mulling it over and haven't quite
figured out how or where to put this remote desktop system.
In the DMZ, it will have a hard time being
part of the domain (is this actually necessary?)
or even access an application server (which
is also part of the domain). If I put
the Remote desktop system in the internal LAN,
the risks are not particularly appealing should
the RD system get compromised.

Can someone out there give me some hints/pointers
as to how I might go about in putting a remote
desktop system in an existing network setting?

Thanks

Ed
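
The log monitoring recommended in the reply (watch both the Windows logs and the firewall logs for the DMZ Remote Desktop box), sketched as an added example that is not part of the original thread. The addresses, the threshold, the reduced event records and the firewall log layout are all constructed assumptions; event IDs 4625/4624 and logon type 10 are the identifiers used by current Windows versions.

```python
import ipaddress
import re
from collections import Counter

# Every address, threshold and log layout below is constructed for illustration.
RDP_HOST = "192.0.2.10"                      # terminal server on its own DMZ VLAN
INTERNAL_NET = ipaddress.ip_network("198.51.100.0/24")
ALLOWED_FLOWS = {("198.51.100.20", 1433)}    # the one app-server port it may reach
FAILED_LOGON_THRESHOLD = 5

# Windows Security events reduced to the fields used here.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive.
WINDOWS_EVENTS = [{"id": 4625, "type": 10, "src": "203.0.113.7", "user": "administrator"}] * 6 + [
    {"id": 4624, "type": 10, "src": "203.0.113.7", "user": "administrator"},
    {"id": 4625, "type": 10, "src": "203.0.113.50", "user": "ed"},
    {"id": 4624, "type": 10, "src": "203.0.113.50", "user": "ed"},
]
FIREWALL_LOG = [  # hypothetical "ACTION proto src:sport -> dst:dport" layout
    "ALLOW tcp 203.0.113.50:50112 -> 192.0.2.10:3389",
    "ALLOW tcp 192.0.2.10:49200 -> 198.51.100.20:1433",
    "DENY tcp 192.0.2.10:49201 -> 198.51.100.5:445",
    "ALLOW tcp 192.0.2.10:49202 -> 198.51.100.9:3389",
]
FW_LINE = re.compile(r"(ALLOW|DENY) \w+ ([\d.]+):\d+ -> ([\d.]+):(\d+)")

def logon_alerts(events):
    """Flag password guessing, and any RDP logon that succeeds from a guessing source."""
    failures = Counter(e["src"] for e in events if e["id"] == 4625)
    noisy = {ip for ip, n in failures.items() if n >= FAILED_LOGON_THRESHOLD}
    alerts = [f"brute-force: {failures[ip]} failed logons from {ip}" for ip in sorted(noisy)]
    alerts += [f"logon-after-brute-force: {e['user']} from {e['src']}" for e in events
               if e["id"] == 4624 and e["type"] == 10 and e["src"] in noisy]
    return alerts

def firewall_alerts(lines):
    """Flag every flow from the RDP host into the LAN that is not explicitly allowed."""
    alerts = []
    for m in filter(None, map(FW_LINE.match, lines)):
        action, src, dst, dport = m.groups()
        if (src == RDP_HOST and ipaddress.ip_address(dst) in INTERNAL_NET
                and (dst, int(dport)) not in ALLOWED_FLOWS):
            # DENY: the box is probing the LAN. ALLOW: the firewall rule is too wide.
            kind = "blocked-lateral" if action == "DENY" else "rule-too-broad"
            alerts.append(f"{kind}: {src} -> {dst}:{dport}")
    return alerts

if __name__ == "__main__":
    print("\n".join(logon_alerts(WINDOWS_EVENTS) + firewall_alerts(FIREWALL_LOG)))
```

The firewall check treats an allowed but unlisted flow as an alert too, since it means the rule set around the VLAN is wider than the single application-server path the box needs.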