Sounds like a number of issues to tackle. I would close the RDP ports at the perimeter and use some flavor of a VPN. Make them come over the VPN for all their remote needs. Use a SSL/Application layer VPN if you have a choice w/ RSA etc. Use group policy to handle the RDP settings so they cant change them.
On Wed, Aug 11, 2010 at 12:28 PM, Tyler Robinson <[email protected]>wrote: > Alright so after failing a recent security audit which I knew we would I > have a little bit of fire to allow me to make some corp changes one of them > being remote devices and policy. Currently there are mobile devices > unencrypted, and with cheesy passwords out on the road using unsecured RDP > to connect back to our terminal server to use apps, My question is what is > going to be an easy to roll out solution to make this situation secure I > worry that one of these devices will get stolen or sniffed and the terminal > server is on the LAN with the rest of everything , it’s a flat domain… so > how to I allow remote connections securely without allowing them to save > there stupid RDP Connection credentials(set to autologin) on an unpassworded > desktop. Any ideas or suggestions I have one year to plan, implement and > change this broken system, over about 10 corps all releated and setup the > same…. > > Thanks as always to everyone, > > TR > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
