RES: RE: Access Options - Most Secure

  • From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Dec 2004 15:37:21 -0200

There's a workaround. Here for our developers, I modify the VPN connection so 
the default gateway is not changed to the remote network.

 

Get the properties for the VPN connection, click on the network tab, get the 
TCP/IP properties, click advanced and uncheck the box that says "default 
gateway on remote network blah blah blah"

 

It's only a PIA if the customer has more than one subnet, then you have to 
create routes manually on the client via a batch script after it connects to 
the VPN.

 

Tiago de Aviz

SoftSell - Curitiba

(41) 340-2363

www.softsell.com.br

This message, including its attachments, is confidential and its content is 
restricted to the recipient of the message. If you have received this message 
in error, please return it to the recipient and delete it from your 
files. Any unauthorized use, replication or dissemination of this 
message or part of it is expressly prohibited. SoftSell is not responsible 
for the content or the veracity of this information.
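
The workaround in the message above, written with the VpnClient cmdlets of current Windows versions instead of the GUI checkbox and a post-connect batch script. This is an added example, not part of the original post; the connection name and subnets are placeholders. It goes one step beyond the message by checking the route table once the tunnel is up.

```powershell
# Added example: connection name and subnets are placeholders, not from the thread.
$ConnectionName = 'Customer VPN'                         # hypothetical
$RemoteSubnets  = @('10.20.0.0/16', '192.168.50.0/24')   # hypothetical

# Same effect as clearing "Use default gateway on remote network":
# the client keeps its local default route while the tunnel is up.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

# Attach one route per remote subnet to the connection itself, so Windows
# adds it on connect and removes it on disconnect (no post-connect script).
foreach ($prefix in $RemoteSubnets) {
    try {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName `
            -DestinationPrefix $prefix -ErrorAction Stop
    } catch {
        # Typically raised when the route is already attached to the connection.
        Write-Warning "Route $prefix not added: $($_.Exception.Message)"
    }
}

# Run after connecting: confirms only the listed subnets go through the tunnel.
function Test-SplitTunnelRoutes {
    param([string]$Name, [string[]]$Expected)

    $routes = Get-NetRoute -InterfaceAlias $Name -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue
    if (-not $routes) {
        Write-Warning "'$Name' is not connected"
        return $false
    }

    $ok = $true
    if ($routes.DestinationPrefix -contains '0.0.0.0/0') {
        Write-Warning 'Default route is on the VPN interface: all traffic is tunnelled'
        $ok = $false
    }
    foreach ($prefix in $Expected) {
        if ($routes.DestinationPrefix -notcontains $prefix) {
            Write-Warning "No route for $prefix through the VPN"
            $ok = $false
        }
    }
    return $ok
}

Test-SplitTunnelRoutes -Name $ConnectionName -Expected $RemoteSubnets
```

With the remote default gateway disabled, the client stays directly connected to the Internet while it is attached to the corporate network, so keep the route list limited to the subnets that are actually needed.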

  _____  

From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx] 
Sent: Tuesday, December 21, 2004 13:41
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access Options - Most Secure

 

http://www.ISAserver.org

The big disadvantage that I see from VPN is that it cuts off access to the rest 
of the Internet for the client while connected to the VPN.  No email, no web 
access.  We have developers who may spend hours at a time connected.  Is there 
some way to "harden" the security for RDP?

 

Guinn

 

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, December 21, 2004 3:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access Options - Most Secure

 

Hi Guinn,

 

VPN is the most secure. I don't allow RDP connections into the network directly 
from the Internet. You can RDP inside the authenticated and inspected VPN link, 
but don't directly RDP into your network from an untrusted network.

 

HTH,

 

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

 

  _____  

From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx] 
Sent: Monday, December 20, 2004 8:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Access Options - Most Secure

I don't know if this has been discussed before or not.  I have the opportunity 
to access my corporate network via any of three methods:

 

1. VPN (standard Windows VPN)
2. TS
3. TS through web site (connect to web site and TS through ActiveX control)

 

Is there any inherent difference in the security of any of these methods, or 
are they basically all the same?  I use different ones at different times, but 
it occurred to me that they might not be equally secure.  (I'm going through 
ISA Server in each case.  Can use ISA 2000 or ISA 2004.)

 

TIA.

Guinn Unger
Unger Technologies, Inc.

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 