Educause Security Discussion mailing list archives
Re: Remote Access to Staff Desktops
From: "Bristol, Gary L." <gbristol () OU EDU>
Date: Wed, 18 Feb 2009 09:41:13 -0600
Actually what we do here at the University of Oklahoma is provide an SSH bastion host that they connect to. The bastion hosts use Kerberos authentication to the domain, so there are no local user accounts on the bastion hosts, plus all logging from the host is sent to a remote syslog server. Then we use SSH tunneling to have the users connect to their workstations via Remote Desktop Protocol. There are several SSH clients that allow this type of tunneling.

We run a local HIDS system on the bastion hosts so that multiple logon failures cause the source IP to be entered in the local iptables with a drop action. The normal RDP connections are not allowed from the internet and the users' workstations are located in isolated subnets.

Remotely accessing their workstations has several benefits: they don't have to have a desktop at home or mobile that has all their tools loaded. Any access to sensitive information is kept within the confines of the protected networks.

Gary L. Bristol CISSP, RHCE
University of Oklahoma
200 Felgar St., Suite 226
Norman, OK 73019
405-325-2236

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim Lane
Sent: Tuesday, February 17, 2009 10:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Remote Access to Staff Desktops

Hi All,

We are receiving an increasing number of requests from staff to remotely access their desktops, for a variety of reasons. I would be interested in hearing if any other Universities allow this, and if so how you are providing secure access, or if you have any thoughts/comments on the matter.

Thanks,
Tim

Tim Lane
Information Security Program Manager
IT&TS
Southern Cross University
Ph (02) 6620 3290
Mobile 0418 248 571
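
The lockout behaviour described in the reply above (repeated logon failures leading to an iptables drop rule for the source address), as an added example that is not part of the original post or the University of Oklahoma's configuration. It assumes the usual OpenSSH "Failed password" log line; the threshold of 3, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed OpenSSH failure line. The pattern is anchored at the end of the line
# so the address comes from the trailing fields sshd writes itself, never from
# the username field, which is supplied by the remote client.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)
THRESHOLD = 3  # assumption: the post only says "multiple" failures

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = """\
Feb 18 09:00:01 bastion sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Feb 18 09:00:03 bastion sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Feb 18 09:00:05 bastion sshd[1003]: Failed password for invalid user x from 198.51.100.9 port 22 ssh2 from 203.0.113.5 port 40003 ssh2
Feb 18 09:01:10 bastion sshd[1004]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Feb 18 09:01:20 bastion sshd[1005]: Accepted gssapi-with-mic for bob from 198.51.100.8 port 50002 ssh2
"""

def offenders(log_text, threshold=THRESHOLD):
    """Return the sorted source addresses with at least `threshold` failures."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            # Reject anything that is not a literal IP before it reaches a rule.
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def drop_rules(ips):
    """Build (but do not run) one iptables DROP rule per address, as argv lists."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE_LOG)):
        print(" ".join(rule))
```

The third sample line carries address-like text in the username field; it is counted against the real source, and the address embedded in the username is never blocked.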