Announcement

Collapse
No announcement yet.

How to enable secure Remote Desktop access from the internet using Windows 2008 ?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to enable secure Remote Desktop access from the internet using Windows 2008 ?

    To All Windows Server Expert,

    I wonder if Windows Server 2008 does have the capability for me to secure port 3389 that i open for remote desktop using internet.

    What security measure should i put in place to allow me securely access my Windows Server 2008 from home.

    If I'd like to implement it into a virtualized box, can I deploy it together with the ISA Server 2006 Std ?

    Thanks.
    Attached Files

  • #2
    Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

    Of course you can connect from remote. All you need to do is to enable RDP (or full TS if you need more than 2 connections - but you need to buy TS CALs for that). Next, configure the FW to forward TCP 3389 to the server's internal IP address. Then, connect to the FW's external IP, and you'll be forwarded to the internal server.

    However...

    In order to better protect this setup, you should implement a remote access protocol such as an PPTP or L2TP/IPSEC or SSL VPN type of connection. This will prevent malicious users from reaching the server's logon screen through 3389, and unless they're able to initiate the VPN connection and successfully logon to the VPN server, they will not be able to use 3389.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

      There are multiple ways, where as the VPN is the nicest way.
      However you also might check out to publish TS gateway with ISA;
      http://technet.microsoft.com/en-us/l.../cc771530.aspx

      However removing the "physical" firewall can cause other issues where you have to think about when ISA becomes the edge firewall of the total network:
      http://blogs.technet.com/isablog/arc...-machines.aspx
      http://technet.microsoft.com/en-us/l.../cc891502.aspx
      And also check out this video:
      http://technet.microsoft.com/en-us/l.../cc891502.aspx
      Last edited by Dumber; 21st May 2009, 16:36. Reason: typo
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

        Thanks to all for your reply it is very helpful to know that RDP can be published to the internet by using a very simple setup like the diagram.

        in this case the only problem for me to make a secure network is that the ISA Server 2006 which cannot be deployed in Windows Server 2008 x64

        Comment


        • #5
          Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

          But it can be deployed on a Win2003 32-bit box. I really don't see the difference. 64-bit comes to play when there is need to more RAM or more cores than you could get on 32-bit. How much RAM were you planning on putting in the ISA box? 4GB is enough.
          Cheers,

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT

          Comment


          • #6
            Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

            Well you're right Dan,

            i was planning to put only 256 MB of RAM into the VM.

            Thanks for your suggestion, I shall publish the port 3389 behind ISA Server 2006 to make it secure against attack from the internet.

            Cheers.

            Comment


            • #7
              Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

              256 MB isn't much
              At some time TMG will be released and then you have to run it on Windows 2008 X64
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: How to enable secure Remote Desktop access from the internet using Windows 2008 ?

                thanks to all for the help, it is really helpful for me to know about the best practice from you guys.

                Cheers.

                Comment

                Working...
                X