Thanks Jeff,

These make some sense to me. You may not be aware that TS already can initiate connections through a browser.

In conclusion, though, are we agreed that this is *not* a way of making RDP more secure than it currently is?

Nick

-----Original Message-----
From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx]
Sent: 13 July 2004 10:58
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Anywhere Access security

The reasons for this would be the same as the reasons you'd have to deploy CSG:

- Not directly exposing the TS's themselves to the Internet
- Only exposing a single IP address for one or many TS's
- Access through a commonly open port (443)
- Eliminates the need for VPN
- Initiation of connection through a universal mechanism: the browser (presumably this is how it will work with TS)

JD

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> Sent: Tuesday, 13 July 2004 9:35 p.m.
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
>
> counter question, why have Citrix released secure gateway? :)
>
> I don't really know why MS have released this, I presume just to
> compete with Citrix and the fact that VPNs aren't the simplest of
> things for users to get up and going I guess..
>
> ooh, I guess it could also be useful for those who need access to RDP
> in locked down locations? currently (I think) you can only hit RDP
> servers directly, meaning the port has to be open to the internet.. We
> bandied about this earlier in the year and came to the concisive
> conclusion that opening the ports directly may or may not present a
> security risk now or in the future :) (although that was for Citrix
> ports, but I'd imagine it holds true for TS too)
>
> Andrew
> --o--
>
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 10:13:57 >>>
> Point taken, (And understood :)) regarding higher than 128-bit.
>
> Ok, let's try the question another way; why are MS bothering to
> release this (And position it against VPNs) if it does not provide
> more security than currently (The implication being that you currently
> *cannot* "allow users to securely access ...
> Resources...without using VPN technology"). My bottom-line question
> is: is RDP currently not considered secure? By MS or anyone else?
>
> Nick
>
>
>
> -----Original Message-----
> From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2004 09:16
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Anywhere Access security
>
> Well, aside from me not being able to see where it says a VPN is more
> secure, I do believe VPNs can go higher than 128bit encryption :)
>
> So, uh, less than 3 syllables.. it done come from ms
>
> Andrew
> --o--
>
> >>> nick@xxxxxxxxxxxxxxx 13/07/04 08:41:16 >>>
> Quote from Brian's website
> (http://www.brianmadden.com/content/content.asp?id=192):
>
> "One of the new Terminal Services features is the ability for a
> Windows Server to encapsulate and proxy RDP traffic over HTTPS
> connections. The RDP over HTTPS proxy is part of what Microsoft calls
> "Anywhere Access."
> Not to be confused with Citrix's "Access Infrastructure,"
> Microsoft's Anywhere Access will allow users to securely access
> corporate resources over the public Internet without using VPN
> software."
>
> I'm now confused - and I would stress I am by no means a security
> expert, *but* my understanding was that the RDP protocol - assuming
> decent security levels on the client device - would automatically wrap
> everything in 128-bit encryption after the initial RDP handshake. So
> I've always struggled to understand how VPN is inherently more secure
> than that, except that you have to install complicated (For end users)
> client software to make it work.
>
> How then, is this 'more secure'? Or to put it another way, how
> insecure is RDP inherently?
>
> For preference answers in words of less than 3 syllables...
>
> Nick
> ********************************************************
> This week's sponsor Emergent Online Thinssentials Utilities Using the
> latest software, hardware, networking technologies, proven technical
> expertise, proprietary software and best practices, EOL provides
> custom-tailored solutions for each client's mission and specific
> goals.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
> use the below link:
> http://thin.net/citrixlist.cfm