Yup, I agree wholeheartedly, and it has the benefit of being very quick, and can be used for shadowing, whereas RDP cannot. S So there -----Original Message----- From: David Farinic [mailto:davidf@xxxxxxx] Sent: Friday, March 11, 2005 11:17 AM To: ISA Mailing List Subject: [isalist] RE: ISA 2004 SE Setup - trihomed Setup? http://www.ISAserver.org VNC has lot of different flavors as it is open source you can find lot of Secure VNC solutions which I would consider more secure then plain TS as they are not vulnerable against man in the middle attacks and they use 2key system. However it is good to look around as some of them can apply to TS connections as well. By simply securely tunneling 1 tcp/ip port bound to just 1 specific application to another not trusted machine makes things safer (ssh and so on...). Regards DavidF. Test in Czech:ěščřžýáíéďxĎČءAáÁÍÓščřžýí=´=+;¨§)úpůl..,-ú -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, March 11, 2005 3:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 SE Setup - trihomed Setup? http://www.ISAserver.org Unless you have complete trust in the ISP's employees, you'd avoid the VPN solution. Why does your ISP need personal access to your server? Why VNC? Terminal Services is MUCH more secure and doesn't require you to dump more bits on your server. -----Original Message----- From: Andrew Barr [mailto:abarr@xxxxxxxxxxxxx] Sent: Friday, March 11, 2005 1:28 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA 2004 SE Setup - trihomed Setup? http://www.ISAserver.org Good Morning all, Quick Config question I am wondering what is the best config for the ISA 2004 I have private IP range from our ISP which is connected to the External NIC (172.20.x.x) Our Internal address is (172.16.0.0/16) and we need to allow access from our ISP to one of the servers via VNC, is it best to put a third NIC in and place the server off this NIC so that both internal and external can get to the server or use port forwarding and keep the server in the internal network, or would it be better using VPN so that the ISP is part of the internal network and only allow them to see the server. Many thanks Andrew Barr ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. .org This mail was checked for viruses by GFI MailSecurity. GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and management software (GFI LANguard) - www.gfi.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx The haggis is unusual in that it is neither consistently nocturnal nor diurnal, but instead is active at dawn and dusk (crepuscular), with occasional forays forth during the day and night.