Click here to get back home

remotely administering Bastion servers
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
remotely administering Bastion servers mmccaws2 04-02-2007
Posted by mmccaws2 on April 16, 2007, 2:55 pm
Please log in for more thread options
> I agree, no point in over-engineering
> Anthonywww.airdesk.co.uk
>
>
> > Perhaps I do - my apologies. The thing is, I have seen so many
> > overengineered solutions, like VPN gateways running on firewalls protected
> > by another layer of firewalls, that I've become too suspicious.
>
> > --
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
>
> > *http://sl.mvps.org*http://msmvps.com/blogs/sp*
>
> >> You are misreading my suggestion. It is nothing more complicated than:
> >> - use VPN to achieve secure remote access to the network behind the
> >> access point (router, firewall, VPN device or whatever)
> >> - use RDP to administer the server.
> >> Anthony
> >>www.airdesk.co.uk
>
> >>>>>> VPN to behind the firewall then RDP back out to the DMZ.

Sorry I missed this last week. External DNS is the application that
needs protecting.

Mike


Posted by S. Pidgorny on April 17, 2007, 5:22 am
Please log in for more thread options
 G'day:


> Sorry I missed this last week. External DNS is the application that
> needs protecting.

If it's Windows DNS, use Remote Desktop. If it's UNIX or Linux, use SSH. You
can use SSH on Windows, too (god option for command line connectivity -
which is sufficient for DNS administration)

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *



Posted by mmccaws2 on April 17, 2007, 11:35 am
Please log in for more thread options
> G'day:
>
> > Sorry I missed this last week. External DNS is the application that
> > needs protecting.
>
> If it's Windows DNS, use Remote Desktop. If it's UNIX or Linux, use SSH. You
> can use SSH on Windows, too (god option for command line connectivity -
> which is sufficient for DNS administration)
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>


> *http://sl.mvps.org*http://msmvps.com/blogs/sp*

How does this Alert relate to remote desktop?

WACIRC Alert WCRC2007-012 SL2 Microsoft Windows Domain Name
System Service Remote Procedure Call Interface Vulnerability


Posted by S. Pidgorny on April 19, 2007, 5:10 am
Please log in for more thread options
G'day:


> How does this Alert relate to remote desktop?
>
> WACIRC Alert WCRC2007-012 SL2 Microsoft Windows Domain Name
> System Service Remote Procedure Call Interface Vulnerability

No how. The vulnerability is in remote management protocol; remote desktop
allows to do local administration only (have RPC disabled/restricted by the
firewall).

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *



Similar ThreadsPosted
Win2003 SP1 remotely restart service June 14, 2005, 1:02 pm
Allow user to restart service remotely July 27, 2007, 11:28 pm
Service writing on Win2003 remotely. October 26, 2007, 8:59 am
Remotely query local policies January 10, 2008, 4:42 pm
How to allow non-admin to run scheduled tasks remotely? July 24, 2008, 1:18 pm
Error in my security log when attempting to browse site remotely September 6, 2005, 3:20 pm
Re: Grant user right to remotely start stop server - can anybody help? March 10, 2006, 12:32 pm
Re: Grant user right to remotely start stop server - can anybody help? March 10, 2006, 12:41 pm
Start and Stop Services Remotely Under Non-Administrative User April 26, 2006, 5:01 pm
Account lock out when accessing computer management remotely September 27, 2006, 11:32 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap