Hi Greg, I'm no hacker, but how it is easier to brute force an RDP session viz. a PPTP VPN session? I can see how an L2TP/IPSec VPN would make brute force less likely to be effective because of the machine certificate requirement, but not PPTP, unless I'm missing something (which is more than likely). Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx] Sent: Friday, May 07, 2004 12:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Jim The reason I use vpn in favour of publishing rdp, is that it is allot easier to brute force a rdp session than it is a vpn session. However, like you say, rdp only gives you console access. Greg Mulholland Stelatel Communications Unit 3 641-643 Centre Rd Bentleigh East, VIC Phone: (03) 9576-5699 Fax: (03) 9576-5899 gregstelatel@xxxxxxxxxxx www.stelatel.com -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, 7 May 2004 2:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org You should always use static IPs on the ISA external interface whenever possible. Since Windows RDP is already encrypted, you really only add overhead with a VPN channel. If you want direct access to the internal hosts, use a VPN channel; if you only need console access, leave it to RDP. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Thu, 6 May 2004 17:45:03 -0400 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Isn't all of this possible via a secured connection to the ISA/VPN server and then to terminal services? I too want to be able to access my internal network remotely and I'm hoping to do it this way instead of adding a ton of 3rd party apps to the server. Also is it also possible or wise to assign a static IP to the external interface of the ISA and connect to the ISA/VPN/TS server? Thanks ________________________________ From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx] Sent: Wednesday, May 05, 2004 8:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Joseph I winscp is my MVT (most valuable tool) atm, occassionally i have run a windows ssh server on my isa so i can use ssh from the outside. You can also port stuff over ssh which is lovely and secure, things like VNC and stuff. http://winscp.sourceforge.net/eng/ - winscp http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- putty ssh client http://www.bitvise.com/winsshd.html -- ssh server for windows Greg Mulholland Stelatel Communications Unit 3 641-643 Centre Rd Bentleigh East, VIC Phone: (03) 9576-5699 Fax: (03) 9576-5899 gregstelatel@xxxxxxxxxxx www.stelatel.com ________________________________ From: cismic [mailto:cismic@xxxxxxx] Sent: Thursday, 6 May 2004 9:09 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Hi Thomas, I guess I could use FTP to post the new pages. And then create a special *.aspx page that I can use to compile the new site pages. Isnt' SSH more for the unix world? I was just searching for a windows version of SSH. I find that back to back processes although more secure are a little harder to get working the way I want. Thank you, Joseph ----- Original Message ----- From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxx> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Wednesday, May 05, 2004 3:59 PM Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Hi Joseph, How about FTP or SSH? I prefer not to run TS on a public access box, esp. one that allows anonymous public access. HTH, Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gregstelatel@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')