
remotely administering Bastion servers

Subject Author Date
remotely administering Bastion servers mmccaws2 04-02-2007
Posted by Roger Abell [MVP] on April 5, 2007, 9:04 am
Agreed. In 7 years now since remote desktop came about, I do not
recall any stories where it was operative in a server compromise
unless it was due to credentials that were already in bad guy's hands.


> G'day:
>
>
>> Any suggestions. Any problems using RADMIN from radmin.com? One
>> suggestion that came my way.
>
> I'm with Nick here. Don't bother about the alternatives, as Remote Desktop
> is good enough.
>
> Besides not being applicable to Remote Desktop, "too many ports open"
> isn't a risk per se - you may have heaps open and the server will be
> secure as each service will be properly locked down. Take a domain
> controller as an example.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>



Posted by mmccaws2 on April 5, 2007, 1:58 pm
> Agreed. In 7 years now since remote desktop came about, I do not
> recall any stories where it was operative in a server compromise
> unless it was due to credentials that were already in bad guy's hands.
>
>
> > G'day:
>
>
> >> Any suggestions. Any problems using RADMIN from radmin.com? One
> >> suggestion that came my way.
>
> > I'm with Nick here. Don't bother about the alternatives, as Remote Desktop
> > is good enough.
>
> > Besides not being applicable to Remote Desktop, "too many ports open"
> > isn't a risk per se - you may have heaps open and the server will be
> > secure as each service will be properly locked down. Take a domain
> > controller as an example.
>
> > --
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
>
> > * http://sl.mvps.org * http://msmvps.com/blogs/sp *

Ok

Thanks


Posted by Anthony on April 3, 2007, 5:26 am
VPN to behind the firewall then RDP back out to the DMZ.
Anthony
www.airdesk.co.uk



> What options does one have to remotely manage a Bastion host located
> in the DMZ? From everything I've seen, remote desktop shouldn't be
> used because it opens too many ports? Any suggestions are welcome.
>
> Mike
>



Posted by mmccaws2 on April 3, 2007, 9:43 am
> VPN to behind the firewall then RDP back out to the DMZ.
> Anthony
> www.airdesk.co.uk
>
>
>
> > What options does one have to remotely manage a Bastion host located
> > in the DMZ? From everything I've seen, remote desktop shouldn't be
> > used because it opens too many ports? Any suggestions are welcome.
>
> > Mike

Well, if I could, I would put this in its own DMZ environment.
However, there is a whole slew of servers on the same subnet that run
any OS and any form of security or lack of security because it's on a
DMZ. DMZs that are designed to solve everyone's solutions are no
longer as secure. There are AD servers from the internal AD forest
running accessing printers. And in the rest of the network, there is
evidence of the occasional virus.

So how about VNC? How would you compare VNC with Radmin and remote
desktop?

Mike


Posted by S. Pidgorny on April 7, 2007, 5:13 am
G'day:

> VPN to behind the firewall then RDP back out to the DMZ.
> Anthony
> www.airdesk.co.uk

Clearly an overkill.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


