Well, I would say that if you've got encrypted RDP which is then encrypted again via SSL, that would be more secure. > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith > Sent: Tuesday, 13 July 2004 10:30 p.m. > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Anywhere Access security > > Thanks Jeff, > These make some sense to me. > You may not be aware that TS already can initiate connections > though a browser . > In conclusion, though, are we agreed that this is *not* a way > of making RDP more secure than it currently is? > > Nick > -----Original Message----- > From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx] > Sent: 13 July 2004 10:58 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Anywhere Access security > > The reasons for this would be the same as the reasons you'd > have to deploy > CSG: > > - Not directly exposing the TS's themselves to the Internet > - Only exposing a single IP address for one or many TS's > - Access through a commonly open port (443) > - Eliminates the need for VPN > - Initiation of connection through a universal mechanism: the > browser (presumably this is how it will work with TS) > > JD > > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers > > Sent: Tuesday, 13 July 2004 9:35 p.m. > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: Anywhere Access security > > > > counter question, why have Citrix released secure gateway? :) > > > > I don't really know why MS have released this, i presume just to > > compete with Citrix and the fact that vpns arent the simplest of > > things for users to get up and going i guess.. > > > > ooh, i guess it could also be useful for those who need > access to rdp > > in locked down locations? currently (i think) you can only hit rdp > > servers directly, meaning the port has to be open to the > internet.. We > > > bandied about this earlier in the year and came to the concisive > > conclusion that opening the ports directly may or may not present a > > security risk now or in the future :) (although that was for Citrix > > ports, but id imagine it holds true for TS too) > > > > Andrew > > --o-- > > > > >>> nick@xxxxxxxxxxxxxxx 13/07/04 10:13:57 >>> > > Point taken,(And understood :)) regarding higher than 128-bit. > > > > Ok, let's try the question another way; why are MS bothering to > > release this (And position it against VPNs) if it does not provide > > more security than currently (The implication being that > you currently > > *cannot* "allow users to securely access ... > > Resources...without using VPN technology"). My bottom-line question > > is: is RDP currently not considered secure? By MS or anyone else? > > > > Nick > > > > > > > > -----Original Message----- > > From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx] > > Sent: 13 July 2004 09:16 > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: Anywhere Access security > > > > Well, aside from me not being able to see where it says a > VPN is more > > secure, I do believe VPNs can go higher than 128bit encryption :) > > > > So, uh, less than 3 syllables.. it done come from ms > > > > Andrew > > --o-- > > > > >>> nick@xxxxxxxxxxxxxxx 13/07/04 08:41:16 >>> > > Quote from Brian's website > > (http://www.brianmadden.com/content/content.asp?id=192): > > > > "One of the new Terminal Services features is the ability for a > > Windows Server to encapsulate and proxy RDP traffic over HTTPS > > connections. The RDP over HTTPS proxy is part of what > Microsoft calls > > "Anywhere Access." > > Not to be confused with Citrix's "Access Infrastructure," > > Microsoft's Anywhere Access will allow users to securely access > > corporate resources over the public Internet without using VPN > > software." > > > > I'm now confused - and I would stress I am by no means a security > > expert, *but* my understanding was that the RDP protocol - assuming > > decent security levels on the client device - would > automatically wrap > > > everything in 128-bit encryption after the initial RDP > handshake. So > > I've always struggled to understand how VPN is inherently > more secure > > than that, except that you have to install complicated (For > end users) > > > client software to make it work. > > > > How then, is this 'more secure'? Or to put it another way, how > > insecure is RDP inherently? > > > > For preference answers in words of less than 3 syllables... > > > > Nick > > ******************************************************** > > This weeks sponsor Emergent Online Thinssentials Utilities > Using the > > latest software, hardware, networking technologies, proven > technical > > expertise, proprietary software and best practices, EOL provides > > custom-tailored solutions for each client's mission and specific > > goals. > > http://www.go-eol.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > > use the below link: > > http://thin.net/citrixlist.cfm > > > > > > > > ******************************************************** > > This weeks sponsor Emergent Online Thinssentials Utilities > Using the > > latest software, hardware, networking technologies, proven > technical > > expertise, proprietary software and best practices, EOL provides > > custom-tailored solutions for each client's mission and specific > > goals. > > http://www.go-eol.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > > use the below link: > > http://thin.net/citrixlist.cfm > > > > > > ******************************************************** > > This weeks sponsor Emergent Online Thinssentials Utilities > Using the > > latest software, hardware, networking technologies, proven > technical > > expertise, proprietary software and best practices, EOL provides > > custom-tailored solutions for each client's mission and specific > > goals. > > http://www.go-eol.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > > use the below link: > > http://thin.net/citrixlist.cfm > > > > > > ******************************************************** > > This weeks sponsor Emergent Online Thinssentials Utilities > Using the > > latest software, hardware, networking technologies, proven > technical > > expertise, proprietary software and best practices, EOL provides > > custom-tailored solutions for each clients mission and specific > > goals. > > http://www.go-eol.com > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode > > > use the below link: > > http://thin.net/citrixlist.cfm > > > > ******************************************************** > This weeks sponsor Emergent Online Thinssentials Utilities > Using the latest software, hardware, networking technologies, > proven technical expertise, proprietary software and best > practices, EOL provides custom-tailored solutions for each > client's mission and specific goals. > http://www.go-eol.com > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > > > ******************************************************** > This weeks sponsor Emergent Online Thinssentials Utilities > Using the latest software, hardware, networking technologies, > proven technical expertise, proprietary software and best > practices, EOL provides custom-tailored solutions for each > clients mission and specific goals. > http://www.go-eol.com > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This weeks sponsor Emergent Online Thinssentials Utilities Using the latest software, hardware, networking technologies, proven technical expertise, proprietary software and best practices, EOL provides custom-tailored solutions for each client?s mission and specific goals. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm