Remote Desktop risks through VPN

Archived from groups: microsoft.public.windowsxp.security_admin

At the moment we do not allow users to connect to their desktops via RDP when
they connect to the company network via VPN.

What risks are involved with allowing them? I know that the desktop admins
could snoop but what other risks are there?

Any help would be appreciated.
  1.

    The risks are actually pretty minimal. The RDP protocol is encrypted, on top of your VPN connection. The worst that could happen is that users can map their local drives to the RD host. If they had a viral or other type of malware infection, it could possibly be spread that way, but since they're already VPN'd in, and probably have access to LAN resources, it's really a non-issue.

    --
    Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
    Win 95/98/Me/XP Tweaks and Fixes
    http://www.dougknox.com
    --------------------------------
    Per user Group Policy Restrictions for XP Home and XP Pro
    http://www.dougknox.com/xp/utils/xp_securityconsole.htm
    --------------------------------
    Please reply only to the newsgroup so all may benefit.
    Unsolicited e-mail is not answered.

    "The Frustrated Monk" <TheFrustratedMonk@discussions.microsoft.com> wrote in message news:3E946A74-3E06-4C86-9680-F5056760D782@microsoft.com...
    > At the moment we do not allow users to connect to their desktops via RDP when
    > they connect to the company network via VPN.
    >
    > What risks are involved with allowing them? I know that the desktop admins
    > could snoop but what other risks are there?
    >
    > Any help would be appreciated.
  2.

    In article <3E946A74-3E06-4C86-9680-F5056760D782@microsoft.com>,
    TheFrustratedMonk@discussions.microsoft.com says...
    > At the moment we do not allow users to connect to their desktops via RDP when
    > they connect to the company network via VPN.
    >
    > What risks are involved with allowing them? I know that the desktop admins
    > could snoop but what other risks are there?
    >
    > Any help would be appreciated.

    We set up medical companies with VPN to a firewall appliance and then a
    rule that permits RDP to the specific user's desktop only. The users
    authenticate with the firewall (which does not authenticate with the
    Domain) and then they can open a RD connection to their workstation and
    only to their workstation.

    When in a RD session remotely, their desktop is locked, so other users
    can't see what is happening on their computer, and it's been safe so
    far.


    --
    --
    spam999free@rrohio.com
    remove 999 in order to email me
  3.

    Thank you for the information!
  4.

    In article <eXGo$ymhFHA.1948@TK2MSFTNGP12.phx.gbl>, dknox@mvps.org
    says...
    > The risks are actually pretty minimal. The RDP protocol is encrypted, on top of your VPN connection. The worst that could happen is that users can map their local drives to the RD host. If they had a viral or other type of malware infection, it could possibly be spread that way, but since they're already VPN'd in, and probably have access to LAN resources, it's really a non-issue.

    We've done a couple RD setups like this and I would have rather had them
    do it with VNC.

    With the current solution we do a VPN to the Firewall appliance, the
    firewall appliance has a single rule per VPN user that limits them to a
    specific IP:PORT inside the company network. With VNC we were able to
    eliminate the sharing of local computer files/services with the remote
    computer files/services, but with RD we've not been able to restrict
    this at the local computer's desktop level.

    With users running as local Users they can't change the VNC passwords
    and since it only needs a specific port, we don't have to worry about a
    virus/compromised service on their home computer reaching the company
    network as they don't ride the custom port we've set up.

    --
    --
    spam999free@rrohio.com
    remove 999 in order to email me
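
Added example, not part of the original thread: a small audit of the design described in replies 2 and 4, where each VPN user gets a single firewall rule pointing at one IP:PORT (their own desktop). The `user dst port` export format and the sample rules are constructed for illustration; a real appliance's export will differ.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rules in a hypothetical "user dst port" export format.
SAMPLE_RULES = """\
alice 10.0.5.21 3389
bob 10.0.5.22 3389
carol 10.0.5.0/24 3389
dave 10.0.5.24 any
erin 10.0.5.25 3389
erin 10.0.5.10 445
frank 10.0.5.21 5901
"""

def audit_vpn_rules(text):
    """Return {user: [findings]} for rules that break the one-user, one-IP:PORT model."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # allow trailing comments
        if line:
            user, dst, port = line.split()
            per_user[user].append((dst, port))

    findings = defaultdict(list)
    owners = defaultdict(set)                  # desktop IP -> users allowed to reach it
    for user, rules in per_user.items():
        if len(rules) != 1:
            findings[user].append(f"{len(rules)} rules, expected 1")
        for dst, port in rules:
            try:
                net = ipaddress.ip_network(dst, strict=False)
                if net.num_addresses != 1:
                    findings[user].append(f"destination {dst} is not a single host")
                else:
                    owners[str(net.network_address)].add(user)
            except ValueError:                 # e.g. "any" or a hostname
                findings[user].append(f"destination {dst} is not an IP address")
            if not (port.isdigit() and 1 <= int(port) <= 65535):
                findings[user].append(f"port {port} is not a single port")
    # A desktop reachable by more than one VPN user is no longer "their workstation only".
    for host, users in owners.items():
        if len(users) > 1:
            for user in users:
                findings[user].append(f"desktop {host} shared with {sorted(users - {user})}")
    return dict(findings)
```

Users missing from the returned dictionary have exactly one rule to one host and one port.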