It all depends on who will be accessing the services and how. If you mean open VNC, Terminal Services etc. up to the internet and the rest of the world, then I can't stress enough how bad of an idea this is. The amount of VNC and terminal services issues that have been released recently would make me think twice about running them on a closed LAN, let alone the internet.

Having said that, if you plan on having your users VPN into your network and THEN allowing them access to VNC, terminal services etc., that's probably the easiest way to admin Windows servers remotely and reasonably securely, and it shouldn't hurt the users on dialup too much.

So basically the ideal setup I would recommend would be this:

Users establish a VPN connection to your site using either a VPN device like Cisco's concentrator 3000 series or even a UNIX box with IPSec. Once they are authenticated into your network they are assigned an IP local to your network from a pool of IPs with restricted access (restricted to what you want to allow the remote people to do).

From there set up firewall/router ACLs to allow these IPs (and only these IPs) to the machines running VNC, Terminal Services etc.

Alternatively you could look into some KVM over IP products. We use Avocent http://www.avocent.com/web/en.nsf for all of our NT boxes. The client is a bit of a bandwidth hog though, so using it remotely may be out of the question for dial-up users; however, having a single VNC box on your network with the DSView client on it may make the situation more manageable for you.

This email was just a quick, very rough outline of the idea; if you need/want a clearer image of what I was thinking, just let me know.

Danny

-----Original Message-----
From: Orlando J. Cano [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 7:58 PM
To: [EMAIL PROTECTED]
Subject: Remote access solution

I have recently been assigned to join efforts with our Network group in coming up with a secure remote access solution for our Network. This will involve accessing servers in our DMZ. I was wondering if this securityfocus community could elaborate on how secure VNC, Freevision or Terminal Services are, or better yet recommend another solution. Any comments would be greatly appreciated.

Thanks
oc
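
The ACL requirement in the reply above (only addresses from the restricted VPN pool may reach the machines running VNC or Terminal Services) can be checked mechanically. The following is an added example, not part of the original e-mail: the addresses, the rule format and the sample ACL are constructed, and 3389 and 5900 are assumed as the default Terminal Services and VNC ports.

```python
import ipaddress

# Constructed sample values (assumptions, not from the e-mail).
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")        # addresses handed to VPN users
ADMIN_HOSTS = ipaddress.ip_network("192.168.10.0/28")  # machines running VNC / Terminal Services
ADMIN_PORTS = {3389: "Terminal Services", 5900: "VNC"}  # default ports

# Rule format (hypothetical): (action, source net, destination net, port or None for any)
SAMPLE_ACL = [
    ("permit", "10.99.0.0/24", "192.168.10.0/28", 3389),
    ("permit", "10.99.0.0/24", "192.168.10.0/28", 5900),
    ("permit", "10.0.0.0/8", "192.168.10.5/32", 5900),  # too broad: all of 10/8
    ("permit", "0.0.0.0/0", "192.168.10.0/28", 80),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def audit_acl(acl, vpn_pool, admin_hosts, admin_ports):
    """Flag permit rules that open an admin port on an admin host to
    sources outside the VPN pool. Conservative: rule order is ignored."""
    findings = []
    for index, (action, src, dst, port) in enumerate(acl):
        if action != "permit":
            continue
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not dst_net.overlaps(admin_hosts):
            continue
        exposed = sorted(p for p in admin_ports if port in (None, p))
        if exposed and not src_net.subnet_of(vpn_pool):
            findings.append((index, src, exposed))
    return findings

def allowed(acl, src_ip, dst_ip, port):
    """First-match evaluation of one connection; unmatched traffic is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, rule_port in acl:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action == "permit"
    return False

if __name__ == "__main__":
    for index, src, ports in audit_acl(SAMPLE_ACL, VPN_POOL, ADMIN_HOSTS, ADMIN_PORTS):
        names = ", ".join(ADMIN_PORTS[p] for p in ports)
        print(f"rule {index}: {src} is outside the VPN pool but can reach {names}")
```
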