[THIN] Re: Anywhere Access security

  • From: "Nick Smith" <nick@xxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 13 Jul 2004 11:30:21 +0100

Thanks Jeff,
These make some sense to me.
You may not be aware that TS already can initiate connections through a
browser.
In conclusion, though, are we agreed that this is *not* a way of making
RDP more secure than it currently is?

Nick
-----Original Message-----
From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx] 
Sent: 13 July 2004 10:58
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Anywhere Access security

The reasons for this would be the same as the reasons you'd have to deploy
CSG:

- Not directly exposing the TS's themselves to the Internet
- Only exposing a single IP address for one or many TS's
- Access through a commonly open port (443)
- Eliminates the need for VPN
- Initiation of connection through a universal mechanism: the browser
(presumably this is how it will work with TS)

JD

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> Sent: Tuesday, 13 July 2004 9:35 p.m.
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
> 
> counter question, why have Citrix released secure gateway? :)
> 
> I don't really know why MS have released this, I presume just to 
> compete with Citrix and the fact that VPNs aren't the simplest of 
> things for users to get up and going I guess..
> 
> ooh, I guess it could also be useful for those who need access to RDP 
> in locked down locations? currently (I think) you can only hit RDP 
> servers directly, meaning the port has to be open to the internet.. We
> bandied about this earlier in the year and came to the concisive 
> conclusion that opening the ports directly may or may not present a 
> security risk now or in the future :) (although that was for Citrix 
> ports, but I'd imagine it holds true for TS too)
> 
> Andrew
> --o--
> 
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 10:13:57 >>>
> Point taken, (And understood :)) regarding higher than 128-bit.
> 
> Ok, let's try the question another way; why are MS bothering to 
> release this (And position it against VPNs) if it does not provide 
> more security than currently (The implication being that you currently
> *cannot* "allow users to securely access ... 
> Resources...without using VPN technology"). My bottom-line question 
> is: is RDP currently not considered secure? By MS or anyone else?
> 
> Nick
> 
> 
> 
> -----Original Message-----
> From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2004 09:16
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
> 
> Well, aside from me not being able to see where it says a VPN is more 
> secure, I do believe VPNs can go higher than 128-bit encryption :)
> 
> So, uh, less than 3 syllables.. it done come from ms
> 
> Andrew
> --o--
> 
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 08:41:16 >>>
> Quote from Brian's website
> (http://www.brianmadden.com/content/content.asp?id=192): 
> 
> "One of the new Terminal Services features is the ability for a 
> Windows Server to encapsulate and proxy RDP traffic over HTTPS 
> connections. The RDP over HTTPS proxy is part of what Microsoft calls 
> "Anywhere Access."
> Not to be confused with Citrix's "Access Infrastructure," 
> Microsoft's Anywhere Access will allow users to securely access 
> corporate resources over the public Internet without using VPN 
> software."
> 
> I'm now confused - and I would stress I am by no means a security 
> expert, *but* my understanding was that the RDP protocol - assuming 
> decent security levels on the client device - would automatically wrap

> everything in 128-bit encryption after the initial RDP handshake. So 
> I've always struggled to understand how VPN is inherently more secure 
> than that, except that you have to install complicated (For end users)

> client software to make it work.
> 
> How then, is this 'more secure'? Or to put it another way, how 
> insecure is RDP inherently?
> 
> For preference answers in words of less than 3 syllables...
> 
> Nick
> ********************************************************
> This weeks sponsor Emergent Online Thinssentials Utilities Using the 
> latest software, hardware, networking technologies, proven technical 
> expertise, proprietary software and best practices, EOL provides 
> custom-tailored solutions for each client's mission and specific 
> goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
> use the below link:
> http://thin.net/citrixlist.cfm
> 
> 
> 