[THIN] Re: Anywhere Access security

• From: "Jeff Durbin" <techlists@xxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Tue, 13 Jul 2004 21:57:54 +1200

The reasons for this would be the same as the reasons you'd have to deploy
CSG:

- Not directly exposing the TS's themselves to the Internet 
- Only exposing a single IP address for one or many TS's
- Access through a commonly open port (443)
- Eliminates the need for VPN
- Initiation of connection through a universal mechanism: the browser
(presumably this is how it will work with TS)

JD

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> Sent: Tuesday, 13 July 2004 9:35 p.m.
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
> 
> counter question, why have Citrix released secure gateway? :)
> 
> I don't really know why MS have released this, i presume just 
> to compete with Citrix and the fact that vpns arent the 
> simplest of things for users to get up and going i guess..
> 
> ooh, i guess it could also be useful for those who need 
> access to rdp in locked down locations? currently (i think) 
> you can only hit rdp servers directly, meaning the port has 
> to be open to the internet.. We bandied about this earlier in 
> the year and came to the concisive conclusion that opening 
> the ports directly may or may not present a security risk now 
> or in the future :) (although that was for Citrix ports, but 
> id imagine it holds true for TS too)
> 
> Andrew
> --o--
> 
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 10:13:57 >>>
> Point taken,(And understood :)) regarding higher than 128-bit.
> 
> Ok, let's try the question another way; why are MS bothering 
> to release this  (And position it against VPNs) if it does 
> not provide more security than currently (The implication 
> being that you currently
> *cannot* "allow users to securely access ... 
> Resources...without using VPN technology"). My bottom-line 
> question is: is RDP currently not considered secure? By MS or 
> anyone else?
> 
> Nick
> 
> 
> 
> -----Original Message-----
> From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2004 09:16
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
> 
> Well, aside from me not being able to see where it says a VPN 
> is more secure, I do believe VPNs can go higher than 128bit 
> encryption :)
> 
> So, uh, less than 3 syllables.. it done come from ms
> 
> Andrew
> --o--
> 
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 08:41:16 >>>
> Quote from Brian's website
> (http://www.brianmadden.com/content/content.asp?id=192): 
> 
> "One of the new Terminal Services features is the ability for 
> a Windows Server to encapsulate and proxy RDP traffic over 
> HTTPS connections. The RDP over HTTPS proxy is part of what 
> Microsoft calls "Anywhere Access."
> Not to be confused with Citrix's "Access Infrastructure," 
> Microsoft's Anywhere Access will allow users to securely 
> access corporate resources over the public Internet without 
> using VPN software."
> 
> I'm now confused - and I would stress I am by no means a 
> security expert, *but* my understanding was that the RDP 
> protocol - assuming decent security levels on the client 
> device - would automatically wrap everything in 128-bit 
> encryption after the initial RDP handshake. So I've always 
> struggled to understand how VPN is inherently more secure 
> than that, except that you have to install complicated (For 
> end users) client software to make it work.
> 
> How then, is this 'more secure'? Or to put it another way, 
> how insecure is RDP inherently?
> 
> For preference answers in words of less than 3 syllables...
> 
> Nick
> ********************************************************
> This weeks sponsor Emergent Online Thinssentials Utilities 
> Using the latest software, hardware, networking technologies, 
> proven technical expertise, proprietary software and best 
> practices, EOL provides custom-tailored solutions for each 
> client's mission and specific goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or 
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm 
> 
> 
> 
> ********************************************************
> This weeks sponsor Emergent Online Thinssentials Utilities 
> Using the latest software, hardware, networking technologies, 
> proven technical expertise, proprietary software and best 
> practices, EOL provides custom-tailored solutions for each 
> client's mission and specific goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or 
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm 
> 
> 
> ********************************************************
> This weeks sponsor Emergent Online Thinssentials Utilities 
> Using the latest software, hardware, networking technologies, 
> proven technical expertise, proprietary software and best 
> practices, EOL provides custom-tailored solutions for each 
> client's mission and specific goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or 
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm 
> 
> 
> ********************************************************
> This weeks sponsor Emergent Online Thinssentials Utilities 
> Using the latest software, hardware, networking technologies, 
> proven technical expertise, proprietary software and best 
> practices, EOL provides custom-tailored solutions for each 
> clients mission and specific goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or 
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
> 

********************************************************
This weeks sponsor Emergent Online Thinssentials Utilities
Using the latest software, hardware, networking technologies, proven technical 
expertise, proprietary software and best practices, EOL provides 
custom-tailored solutions for each client?s mission and specific goals.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

• References:
  • [THIN] Re: Anywhere Access security
    • From: Andrew Rogers

Other related posts:

• » [THIN] Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security
• » [THIN] Re: Anywhere Access security

1. Home
2. thin
3. Archive
4. 07-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---