The reasons for this would be the same as the reasons you'd have to deploy CSG:

- Not directly exposing the TS's themselves to the Internet
- Only exposing a single IP address for one or many TS's
- Access through a commonly open port (443)
- Eliminates the need for VPN
- Initiation of connection through a universal mechanism: the browser (presumably this is how it will work with TS)

JD

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> Sent: Tuesday, 13 July 2004 9:35 p.m.
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
>
> Counter question, why have Citrix released secure gateway? :)
>
> I don't really know why MS have released this, I presume just
> to compete with Citrix and the fact that VPNs aren't the
> simplest of things for users to get up and going I guess..
>
> Ooh, I guess it could also be useful for those who need
> access to RDP in locked down locations? Currently (I think)
> you can only hit RDP servers directly, meaning the port has
> to be open to the internet.. We bandied about this earlier in
> the year and came to the concisive conclusion that opening
> the ports directly may or may not present a security risk now
> or in the future :) (although that was for Citrix ports, but
> I'd imagine it holds true for TS too)
>
> Andrew
> --o--
>
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 10:13:57 >>>
> Point taken (and understood :)) regarding higher than 128-bit.
>
> Ok, let's try the question another way; why are MS bothering
> to release this (and position it against VPNs) if it does
> not provide more security than currently (the implication
> being that you currently
> *cannot* "allow users to securely access ...
> Resources...without using VPN technology"). My bottom-line
> question is: is RDP currently not considered secure? By MS or
> anyone else?
>
> Nick
>
> -----Original Message-----
> From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2004 09:16
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
>
> Well, aside from me not being able to see where it says a VPN
> is more secure, I do believe VPNs can go higher than 128-bit
> encryption :)
>
> So, uh, less than 3 syllables.. it done come from MS
>
> Andrew
> --o--
>
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 08:41:16 >>>
> Quote from Brian's website
> (http://www.brianmadden.com/content/content.asp?id=192):
>
> "One of the new Terminal Services features is the ability for
> a Windows Server to encapsulate and proxy RDP traffic over
> HTTPS connections. The RDP over HTTPS proxy is part of what
> Microsoft calls "Anywhere Access."
> Not to be confused with Citrix's "Access Infrastructure,"
> Microsoft's Anywhere Access will allow users to securely
> access corporate resources over the public Internet without
> using VPN software."
>
> I'm now confused - and I would stress I am by no means a
> security expert, *but* my understanding was that the RDP
> protocol - assuming decent security levels on the client
> device - would automatically wrap everything in 128-bit
> encryption after the initial RDP handshake. So I've always
> struggled to understand how VPN is inherently more secure
> than that, except that you have to install complicated (for
> end users) client software to make it work.
>
> How then, is this 'more secure'? Or to put it another way,
> how insecure is RDP inherently?
>
> For preference answers in words of less than 3 syllables...
>
> Nick
> ********************************************************
> This week's sponsor Emergent Online Thinssentials Utilities
> Using the latest software, hardware, networking technologies,
> proven technical expertise, proprietary software and best
> practices, EOL provides custom-tailored solutions for each
> client's mission and specific goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm