[THIN] Re: Anywhere Access security

  • From: "Jeff Durbin" <techlists@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 14 Jul 2004 08:47:26 +1200

Well, I would say that if you've got encrypted RDP which is then encrypted
again via SSL, that would be more secure. 

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith
> Sent: Tuesday, 13 July 2004 10:30 p.m.
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
> 
> Thanks Jeff,
> These make some sense to me.
> You may not be aware that TS already can initiate connections 
> through a browser.
> In conclusion, though, are we agreed that this is *not* a way 
> of making RDP more secure than it currently is?
> 
> Nick
> -----Original Message-----
> From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx]
> Sent: 13 July 2004 10:58
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
> 
> The reasons for this would be the same as the reasons you'd 
> have to deploy CSG:
> 
> - Not directly exposing the TS's themselves to the Internet
> - Only exposing a single IP address for one or many TS's
> - Access through a commonly open port (443)
> - Eliminates the need for VPN
> - Initiation of connection through a universal mechanism: the 
> browser (presumably this is how it will work with TS)
> 
> JD
> 
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> > Sent: Tuesday, 13 July 2004 9:35 p.m.
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Anywhere Access security
> > 
> > counter question, why have Citrix released secure gateway? :)
> > 
> > I don't really know why MS have released this, i presume just to 
> > compete with Citrix and the fact that vpns aren't the simplest of 
> > things for users to get up and going i guess..
> > 
> > ooh, i guess it could also be useful for those who need access to rdp 
> > in locked down locations? currently (i think) you can only hit rdp 
> > servers directly, meaning the port has to be open to the internet.. We 
> > bandied about this earlier in the year and came to the concisive 
> > conclusion that opening the ports directly may or may not present a 
> > security risk now or in the future :) (although that was for Citrix 
> > ports, but I'd imagine it holds true for TS too)
> > 
> > Andrew
> > --o--
> > 
> > >>> nick@xxxxxxxxxxxxxxx 13/07/04 10:13:57 >>>
> > Point taken,(And understood :)) regarding higher than 128-bit.
> > 
> > Ok, let's try the question another way; why are MS bothering to 
> > release this (And position it against VPNs) if it does not provide 
> > more security than currently (The implication being that you currently 
> > *cannot* "allow users to securely access ... 
> > Resources...without using VPN technology"). My bottom-line question
> > is: is RDP currently not considered secure? By MS or anyone else?
> > 
> > Nick
> > 
> > 
> > 
> > -----Original Message-----
> > From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
> > Sent: 13 July 2004 09:16
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Anywhere Access security
> > 
> > Well, aside from me not being able to see where it says a VPN is more 
> > secure, I do believe VPNs can go higher than 128bit encryption :)
> > 
> > So, uh, less than 3 syllables.. it done come from ms
> > 
> > Andrew
> > --o--
> > 
> > >>> nick@xxxxxxxxxxxxxxx 13/07/04 08:41:16 >>>
> > Quote from Brian's website
> > (http://www.brianmadden.com/content/content.asp?id=192): 
> > 
> > "One of the new Terminal Services features is the ability for a 
> > Windows Server to encapsulate and proxy RDP traffic over HTTPS 
> > connections. The RDP over HTTPS proxy is part of what Microsoft calls 
> > "Anywhere Access."
> > Not to be confused with Citrix's "Access Infrastructure," 
> > Microsoft's Anywhere Access will allow users to securely access 
> > corporate resources over the public Internet without using VPN 
> > software."
> > 
> > I'm now confused - and I would stress I am by no means a security 
> > expert, *but* my understanding was that the RDP protocol - assuming 
> > decent security levels on the client device - would automatically wrap 
> > everything in 128-bit encryption after the initial RDP handshake. So 
> > I've always struggled to understand how VPN is inherently more secure 
> > than that, except that you have to install complicated (For end users) 
> > client software to make it work.
> > 
> > How then, is this 'more secure'? Or to put it another way, how 
> > insecure is RDP inherently?
> > 
> > For preference answers in words of less than 3 syllables...
> > 
> > Nick
> > ********************************************************
> > This weeks sponsor Emergent Online Thinssentials Utilities 
> > Using the latest software, hardware, networking technologies, proven 
> > technical expertise, proprietary software and best practices, EOL 
> > provides custom-tailored solutions for each client's mission and 
> > specific goals.
> > http://www.go-eol.com
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thin.net/links.cfm
> > ***********************************************************
> > For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode 
> > use the below link:
> > http://thin.net/citrixlist.cfm