Ray, Do you have any packet inspection behind the firewall?
Fergal From: Ray [mailto:rz...@qwest.net] Sent: 09 December 2010 12:20 To: NT System Admin Issues Subject: RE: Remote access - Allow employees work from home We VPN then RDP. We tell people to RDP to their desktops. From: Fergal O'Connell [mailto:foconn...@curamsoftware.com] Sent: Thursday, December 09, 2010 3:07 AM To: NT System Admin Issues Subject: RE: Remote access - Allow employees work from home Is it possible to to allow the users to RDP over VPN to the firewall and then route via a ISA server? From: RS [mailto:rich...@gmail.com] Sent: 08 December 2010 21:04 To: NT System Admin Issues Subject: Re: Remote access - Allow employees work from home I guess what I was trying to point out is that rolling out a basic RDP over VPN solution leaves potential holes that need to be addressed. We use TS Gateway and disable device redirection on the CAP. On Wed, Dec 8, 2010 at 2:02 PM, David Lum <david....@nwea.org<mailto:david....@nwea.org>> wrote: RDS or Citrix they only have access to drives via apps offered by the RDP or Citrix session – the home user cannot UNC to drives as one could via VPN. Launching Excel for example the EXCEL.EXE is on the RDS or Citrix box in RAM and not the local users box…hence and infected system cannot get to the EXCEL.EXE (or more importantly, it’s folder structure) to infect it. As other have said, you don’t really want a network connection between an unmanaged machine and your network. Dave From: RS [mailto:rich...@gmail.com<mailto:rich...@gmail.com>] Sent: Wednesday, December 08, 2010 9:49 AM To: NT System Admin Issues Subject: Re: Remote access - Allow employees work from home That's what I thought, and why I asked the question. If Joe home user can connect his virus-riddled home (or even laptop) drives via the RDP session, what have you really gained? (This can also be a source of data leakage, not just inbound malware.) On Wed, Dec 8, 2010 at 12:39 PM, Phil Brutsche <p...@optimumdata.com<mailto:p...@optimumdata.com>> wrote: Such things are configurable in TS/RDS and Citrix. If you allow them to connect directly to their work desktop, then no. On 12/8/2010 9:59 AM, RS wrote: > Doing it this way, can you administratively control options like > connecting local drives, printers, clipboard, etc? That might be important. -- Phil Brutsche p...@optimumdata.com<mailto:p...@optimumdata.com> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
