[Teknoids] Question about restricting RDP (Remote Desktop) from off-campus

Perloff, Jim perloffj at uchastings.edu
Wed Sep 28 17:29:29 EDT 2011


In compliance with NIST recommendations, we don't permit any RDP access.
There are almost always alternate safe and secure techniques to help
end-users do their teaching, research and administrative work.  The
government's recommendation makes perfect sense and I explicitly cite
this as the reason. With Cisco VPN software, the open source iFolder 3x
program (which isn't dependent on NetWare or NDS) and other packages
we've met people's needs and expectations - so far.

 

see pg. 2-7 to 2-8 for the discussion and this conclusion 

Generally, remote desktop access solutions should only be used for
exceptional cases after a careful analysis of the security risks. The
other types of remote access solutions described in this section offer
superior security capabilities.

This is from the Feds' Guide to Enterprise Telework and Remote Access
Security, National Institute of Standards and Technology, Special
Publication 800-46

 

Candor to my fellow techies compels me to admit the guilty secret
exception: we allow RDP for a handful of computer admins. 

 

Jim

 

From: teknoids-bounces at ruckus.law.cornell.edu
[mailto:teknoids-bounces at ruckus.law.cornell.edu] On Behalf Of Corey,
Kirk
Sent: Wednesday, September 28, 2011 11:45 AM
To: teknoids at ruckus.law.cornell.edu
Subject: [teknoids] Question about restricting RDP (Remote Desktop)
from off-campus

 

Hello, fellow teknoids.  In the wake of the Morto worm, we are getting
ready to block tcp port 3389 at the border to prevent this and other
nasties from coming onto campus.  Remote Desktop will still be available
to folks who first connect via the VPN.  We're getting ready to announce
this change to our customers, and I've noticed in the past that it
sometimes provides helpful perspective to say "And this is the type of
policy they have at [insert list of other Law Schools here]."

 

So, for those who are willing to participate in this very brief, one
question survey--- at your institution, which of the following best
describes your policy:

 

1)      RDP currently blocked at the border, user must first establish
VPN in order to use RDP.

2)      RDP currently blocked at the border, user must drive to campus
or develop ninja hacking skills to breach firewall and use RDP from off
campus.

3)      RDP not currently blocked, but we've talked about it and have
plans/intent to implement in the future.

4)      RDP not currently blocked, no plans to block for the foreseeable
future.

5)      Other (please explain).

 

Please feel free to send comments to me individually, and I'll be happy
to summarize for the list.  

 

Many thanks,

 

Kirk
