From: hct on
I have a company I just took over that has three of the owners using
remote desktop to log in remotely to their office computers. There is
a public IP address that is one-to-one NATed to a port and then each
machine has a static IP on the inside of the network. This was
supposedly done to accommodate dual monitors at home because RWW could
not do dual monitors and also was faster than a VPN...
They log in using the IP address and log in with their computer
credentials...

Is there a way to make this more secure...?

This is an SBS 2003 network
Thanks for your input

From: Charlie Russel-MVP on
I can think of several things I don't like about this, but given you
inherited it, and it's meeting their needs for the moment, I'd suggest two
additions. I'd add AuthAnvil (www.scorpionsoft.com) or another form of Two
Factor Authentication (TFA). I'd also restrict the port forwarding to only be
allowed from explicit IP addresses (those of the home machines they're
logging in from.) The IP address restrictions will need to be a range unless
they have a static IP address on their home machines.

--
Charlie.
http://msmvps.com/blogs/Russel


"hct" <bob.hardin(a)gmail.com> wrote in message
news:9ed956dc-832e-4b1f-b2ad-4fe4e51d3df3(a)d8g2000yqf.googlegroups.com...
> I have a company I just took over that has three of the owners using
> remote desktop to log in remotely to their office computers. There is
> a public IP address that is one-to-one NATed to a port and then each
> machine has a static IP on the inside of the network. This was
> supposedly done to accommodate dual monitors at home because RWW could
> not do dual monitors and also was faster than a VPN...
> They log in using the IP address and log in with their computer
> credentials...
>
> Is there a way to make this more secure...?
>
> This is an SBS 2003 network
> Thanks for your input
>
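
Added example, not part of either post: once the port forwards are restricted to the owners' home addresses or ranges as suggested in the reply, the firewall log can be checked against the same allowlist to confirm nothing else reaches the forwarded ports. The addresses, ports and log format below are assumptions constructed for illustration (documentation address ranges, a made-up line layout), not details from the thread.

```python
import ipaddress

# Assumed allowlist: one static home address and two ISP ranges (constructed).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in (
    "203.0.113.25/32",   # owner A, static home IP
    "198.51.100.0/24",   # owner B, dynamic address inside an ISP range
    "192.0.2.128/25",    # owner C, dynamic address inside an ISP range
)]
# Assumed external ports forwarded to the three office machines.
FORWARDED_PORTS = {3389, 3390, 3391}

# Constructed log lines: "<timestamp> <action> <src_ip>:<src_port> -> <dst_port>"
SAMPLE_LOG = """\
2010-03-01T08:02:11 ALLOW 203.0.113.25:51514 -> 3389
2010-03-01T08:05:40 ALLOW 198.51.100.77:49822 -> 3390
2010-03-01T09:13:02 ALLOW 192.0.2.10:40001 -> 3391
2010-03-01T09:13:05 ALLOW 198.51.101.4:40313 -> 3389
2010-03-01T09:20:00 ALLOW 203.0.113.26:50000 -> 443
garbage line
"""

def is_allowed(src):
    """True if the source address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def audit(log_text):
    """Return (violations, unparsed) for accepted connections to forwarded
    ports that came from sources outside the allowlist."""
    violations, unparsed = [], []
    for line in log_text.splitlines():
        try:
            ts, action, src, _arrow, dport = line.split()
            src_ip = src.rsplit(":", 1)[0]
            dport = int(dport)
            allowed = is_allowed(src_ip)
        except ValueError:
            # Wrong field count, bad port or bad address: keep for manual review.
            unparsed.append(line)
            continue
        if action == "ALLOW" and dport in FORWARDED_PORTS and not allowed:
            violations.append((ts, src_ip, dport))
    return violations, unparsed

if __name__ == "__main__":
    for ts, ip, port in audit(SAMPLE_LOG)[0]:
        print(f"{ts}: {ip} reached forwarded port {port} from outside the allowlist")
```

Any line this reports means the source restriction on the forward is missing or wider than intended.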