> ----- Original Message ----- > From: "Pidgorny, Slav" <[EMAIL PROTECTED]> > To: "'Matt LYNCH'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; ><[EMAIL PROTECTED]> > > -----Original Message----- > > From: Matt LYNCH [mailto:[EMAIL PROTECTED]] > > > > I have been given the task of administering a web server > > contained within a > > DMZ. I am OK with the admin side of things but would prefer > > for time reasons > > to be able to remotely administer this machine. I have always used > > PCAnywhere, VNC and the MMC. But I now cannot use these due > > to the security > > risk. Does anyone else remote admin inside a DMZ and if so how?? > > > > All machine are NT 4.0, I use a W2K desktop. (Free would be > > nice, but I am > > also interested if there are commercial solutions available). > > Use the tools (pcA, MMC) over VPN connection. It's probably a good idea to > migrate to Win2K and use terminal services connection - robust and secure.
IMHO you would be ill-advised to expose Terminal Services on a W2K / NT server to the internet, as the MS01-052 security vulnerability demonstrates (read between the lines and you'll find that even MS assumes that no-one would be foolish enough to expose TS to the internet - and they assigned their new "risk-ratings" accordingly)... http://www.microsoft.com/technet/security/bulletin/MS01-052.asp Stick with allowing VPN-only access to the box, and use VNC/pcA/MMC/Terminal Services over your "secured" VPN connection. James