Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Remote desktop access policy

from [Petter Bruland] Network Security [Permanent Link]
Subject: RE: Remote desktop access policy
Date: Fri, 18 Jan 2008 08:00:09 -0800 
We have about 10 users here who remote into their desktops via RDC over
VPN.

And we only allow users who have home office computers/laptops owned by
the company, to connect via VPN.
Between the VPN network and the LAN, there's gateway antivirus scanning
& spyware scanning. 

So far this seems to work well, but I'd like to take advantage of
Windows Server 2008's NAC feature when that comes out. As we would gain
even more control of the end client. Like checking for a client
Antivirus app etc.

Hopefully we'll see some of the more l33t admins respond to your post,
with some good info about security in this situation.

-Petter

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of WALI
Sent: Friday, January 18, 2008 5:33 AM
To: security-basics@securityfocus.com
Subject: Remote desktop access policy

Hi guys...do you have any remote desktop policy clauses that you can
share?
I am having difficulties in trying to tell people the hazards of
haphazardly asking IT guys the perils of asking access to their desktops
when the come in via VPN.

Everyone wants to have a VPN client and then to a remote desktop session
to their desktop.

How can I tell them the threats of doing so? Are there any threats?
Should I restrict such usage? For one, it makes a lot of economic sense
to switch off PC once a user leaves his/her desk for the day.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Honeypot Server, p1g
Next by Date:  Re: Remote desktop access policy, Josh Haft
Previous by Thread:  Remote desktop access policy, WALI
Next by Thread:  AW: Remote desktop access policy, Johannes Lemmerer
Indexes:  [Date] [Thread] [Top] [All Lists]