RE: Securing TS

  • From: "Mark Morgan" <MMorgan@xxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Nov 2005 11:03:59 -0800

 
On the remote desktop connection app, if you select options, local resources 
you can select disk drives under local devices which maps the remote drives to 
your local machine allowing file transfers.

Thank You
Mark J Morgan
IS Coordinator

Palm Drive Hospital 
501 Petaluma Ave. Sebastopol, Ca. 95472
Email:    mmorgan@xxxxxxxxxxxxxxxxxxxxx
Voice:    (707) 829-4242
Fax:       (707) 829-4112
Mobile    (707) 849-5576

IMPORTANT Notice: The information contained in this e-mail, including any 
attachments or other embedded messages, is legally privileged and confidential 
and is intended only for the use of the individual or entity to whom it is 
addressed. If the reader of this message is not the intended recipient or an 
agent responsible for delivering it to the intended recipient, you are hereby 
notified that any viewing, dissemination, distribution, retransmitting, or 
copying of this e-mail message is strictly prohibited. If you have received 
and/or are viewing this e-mail in error, please notify the sender immediately 
by reply e-mail, and delete this and all copies of this communication from your 
systems. Thank you.


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Friday, November 11, 2005 10:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Securing TS

http://www.ISAserver.org

Hi Andrew,

Are you sure about that? I'm RDPed into my office right now, and I have drive 
mapping enabled, which allows me to transfer files. However, I don't recall if 
this is the default setting or if I put a check in the right box in the right 
place. :)

But this is something you can manage, and prevent users from having this 
capability. There are also ways to configure RDP to provide access only to 
specific applications. Check out what Network Engines did with their Web 
interface and RDP linkage that provides access only to the ISA firewall console 
and nothing else. You can do the same thing for other apps.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, November 11, 2005 12:46 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Securing TS
> 
> http://www.ISAserver.org
> 
> Actually I will stand you right. (eek what did I just say there??)
> 
> There are applications that exploit RDP's weaknesses and allow you to 
> transfer files from any RDP session, which by default Microsoft's RDP 
> client doesn't allow you to do.
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Friday, November 11, 2005 9:26 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Securing TS
> 
> http://www.ISAserver.org
> 
> It's the app protocol using the bandwidth, its not the VPN protocol, 
> that's the difference. RDP only transfers compressed images, so you'll 
> need to model the traffic to see which is more efficient. But if you 
> use RDP in a VPN, you have secure and minimal bandwidth use -- not to 
> say that RDP by itself isn't secure, because it is.
> 
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Friday, November 11, 2005 6:23 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Securing TS
> > 
> > http://www.ISAserver.org
> > 
> > Well AccPac uses Pervasive SQL and is no light weight
> program thus it
> > would drown out the internet connection.
> > 
> > As for TS doing the same thing I tend to differ because a
> new client
> > of mine who I am moving off of TS for other reasons uses Terminal 
> > Server both locally and remotely, their internet connection 3~4Mbit 
> > D/800k U and they still has plenty of room for their Borland driven 
> > website which they have clients and employees logging into
> during the
> > day.
> > 
> > Andrew
> > 
> > -----Original Message-----
> > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> > Sent: Thursday, November 10, 2005 11:40 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Securing TS
> > 
> > http://www.ISAserver.org
> > 
> > I don't use TS at all(I am assuming you are referring to Terminal 
> > Services), but I do use RDP extensively (in fact I'm using it right 
> > now), and I use it THROUGH a VPN connection via a ISA2004 server.
> > 
> > As for knocking down the bandwidth, you're going to get the same 
> > connection speeds regardless of how you connect, as long as you're 
> > doing it from the same location.  The overhead of a VPN
> connection is
> > minimal, and doesn't really affect the overall speed.
> > 
> > So, here's how I do it... I leave my workstation turned on when I 
> > leave (or power it on via WOL), connect to the ISA server via VPN, 
> > then use Remote Desktop to reach my main computer just like I'm 
> > sitting there.
> > No need to spend money on TS licenses, when it's built into
> XP, and no
> 
> > extra software licenses since I'm only using the one computer.
> > 
> > If the screen isn't refreshing fast enough, simply turn
> down the color
> 
> > depth and/or use some of the other optimizing options within RDP.
> > 
> > -----Original Message-----
> > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Thursday, November 10, 2005 11:21 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Securing TS
> > 
> > http://www.ISAserver.org
> > 
> > 
> > Any good tips on security TS on ISA 2004 Server?? Someone wants to 
> > setup TS to access their accounting package from home,
> since VPN will
> > knock down their bandwidth (5Meg Down/800K UP) we decided that TS 
> > would be their best bet.
> > 
> > Andrew
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > dball@xxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > andrew@xxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> 
> > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
mmorgan@xxxxxxxxxxxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.0/167 - Release Date: 11/11/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.0/167 - Release Date: 11/11/2005
 


Other related posts: