RE: Publishing terminal services behind ISA/VPN

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 7 May 2004 04:34:57 -0500

Hi Greg,

I'm no hacker, but how is it easier to brute force an RDP session vs. a
PPTP VPN session? I can see how an L2TP/IPSec VPN would make brute force
less likely to be effective because of the machine certificate
requirement, but not PPTP, unless I'm missing something (which is more
than likely).

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx] 
Sent: Friday, May 07, 2004 12:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN


http://www.ISAserver.org

Jim

The reason I use VPN in favour of publishing RDP is that it is a lot
easier to brute force an RDP session than it is a VPN session. However,
like you say, RDP only gives you console access.


Greg Mulholland
Stelatel Communications
Unit 3 641-643 Centre Rd 
Bentleigh East, VIC
Phone: (03) 9576-5699
Fax:   (03) 9576-5899
gregstelatel@xxxxxxxxxxx
www.stelatel.com

 
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, 7 May 2004 2:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN


You should always use static IPs on the ISA external interface whenever
possible.
Since Windows RDP is already encrypted, you really only add overhead
with a VPN channel.

If you want direct access to the internal hosts, use a VPN channel; if
you only need console access, leave it to RDP.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 6 May 2004 17:45:03 -0400
 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote:

Isn't all of this possible via a secured connection to the ISA/VPN
server and then to terminal services? I too want to be able to access my
internal network remotely and I'm hoping to do it this way instead of
adding a ton of 3rd party apps to the server.

Also, is it possible or wise to assign a static IP to the external
interface of the ISA and connect to the ISA/VPN/TS server?

 

Thanks 

 

________________________________

From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx]
Sent: Wednesday, May 05, 2004 8:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN

 


 

Joseph

 

WinSCP is my MVT (most valuable tool) atm; occasionally I have run a
Windows SSH server on my ISA so I can use SSH from the outside. You can
also port stuff over SSH, which is lovely and secure, things like VNC
and stuff.

 

http://winscp.sourceforge.net/eng/ -- winscp

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- putty ssh client

http://www.bitvise.com/winsshd.html -- ssh server for windows

 

Greg Mulholland
Stelatel Communications
Unit 3 641-643 Centre Rd
Bentleigh East, VIC
Phone: (03) 9576-5699
Fax:   (03) 9576-5899
gregstelatel@xxxxxxxxxxx
www.stelatel.com

  

 

 

________________________________

From: cismic [mailto:cismic@xxxxxxx]
Sent: Thursday, 6 May 2004 9:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN


Hi Thomas,

I guess I could use FTP to post the new pages. And then create a special
*.aspx page that I can use to compile the new site pages. Isn't SSH more
for the Unix world? I was just searching for a Windows version of SSH.

I find that back-to-back processes, although more secure, are a little
harder to get working the way I want.

 

Thank you,

Joseph

        ----- Original Message ----- 

        From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxx>

        To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>

        Sent: Wednesday, May 05, 2004 3:59 PM

        Subject: [isalist] RE: Publishing terminal services behind ISA/VPN

         


        Hi Joseph,

         

        How about FTP or SSH? I prefer not to run TS on a public access
        box, esp. one that allows anonymous public access.

         

        HTH,

        Tom

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
marvc@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 


