Locking down RDC connection

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I have RDC working well now, but I'd like to lock down where it can be
accessed from (e.g. by MAC address).

Alternatively is anyone aware of a hardware solution that would provide
stonger authentication using public/private key technology?

Thanks

Cliff

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Not by MAC address, but some firewalls permit rules to only allow certain IP
addresses access...

Being a home user I can't speak to the issue of hardware based firewall
systems that may use private/public keys for authentication. Personally I
have used RDP through a SSH2 tunnel with a 2048-bit RSA private/public key
pair to access my home LAN. I am now experimenting with a free SSL-VPN
solution, which seems to be working very well...

http://3sp.com/showSslExplorer.do

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"cliffdi" <cliffdi@discussions.microsoft.com> wrote in message
news:7B226F2D-37CE-4790-AF7C-2517BF910D38@microsoft.com...
>I have RDC working well now, but I'd like to lock down where it can be
> accessed from (e.g. by MAC address).
>
> Alternatively is anyone aware of a hardware solution that would provide
> stonger authentication using public/private key technology?
>
> Thanks
>
> Cliff
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Al, thanks again. Both solutions look pretty cool. Will experiment.

For the hardware solution, I was thinking more along the lines of the
Aladdin eToken. It's a USB dongle-type device that has to be physically
present to log-in to Windows (with Aladdin's GINA installed). It's not
completely secure though (mind you though, what is?)

Cheers

Cliff

"Sooner Al [MVP]" wrote:

> Not by MAC address, but some firewalls permit rules to only allow certain IP
> addresses access...
>
> Being a home user I can't speak to the issue of hardware based firewall
> systems that may use private/public keys for authentication. Personally I
> have used RDP through a SSH2 tunnel with a 2048-bit RSA private/public key
> pair to access my home LAN. I am now experimenting with a free SSL-VPN
> solution, which seems to be working very well...
>
> http://3sp.com/showSslExplorer.do
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "cliffdi" <cliffdi@discussions.microsoft.com> wrote in message
> news:7B226F2D-37CE-4790-AF7C-2517BF910D38@microsoft.com...
> >I have RDC working well now, but I'd like to lock down where it can be
> > accessed from (e.g. by MAC address).
> >
> > Alternatively is anyone aware of a hardware solution that would provide
> > stonger authentication using public/private key technology?
> >
> > Thanks
> >
> > Cliff
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Be careful with 3-rd party GINA's and Remote Desktop... Some have
been known to be incompatible with RD...

Check to make sure that they support working over a Remote
Desktop/Terminal Services "session".
---
Jeffrey Randow (Windows Networking MVP)
jeffreyr-support@remotenetworktechnology.com
http://www.networkblog.net (My Networking Blog)
http://www.remotenetworktechnology.com (Support Site)

On Wed, 29 Jun 2005 05:51:04 -0700, "cliffdi"
<cliffdi@discussions.microsoft.com> wrote:

>Al, thanks again. Both solutions look pretty cool. Will experiment.
>
>For the hardware solution, I was thinking more along the lines of the
>Aladdin eToken. It's a USB dongle-type device that has to be physically
>present to log-in to Windows (with Aladdin's GINA installed). It's not
>completely secure though (mind you though, what is?)
>
>Cheers
>
>Cliff
>
>"Sooner Al [MVP]" wrote:
>
>> Not by MAC address, but some firewalls permit rules to only allow certain IP
>> addresses access...
>>
>> Being a home user I can't speak to the issue of hardware based firewall
>> systems that may use private/public keys for authentication. Personally I
>> have used RDP through a SSH2 tunnel with a 2048-bit RSA private/public key
>> pair to access my home LAN. I am now experimenting with a free SSL-VPN
>> solution, which seems to be working very well...
>>
>> http://3sp.com/showSslExplorer.do
>>
>> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>>
>> "cliffdi" <cliffdi@discussions.microsoft.com> wrote in message
>> news:7B226F2D-37CE-4790-AF7C-2517BF910D38@microsoft.com...
>> >I have RDC working well now, but I'd like to lock down where it can be
>> > accessed from (e.g. by MAC address).
>> >
>> > Alternatively is anyone aware of a hardware solution that would provide
>> > stonger authentication using public/private key technology?
>> >
>> > Thanks
>> >
>> > Cliff
>> >
>>
>>
>>