Locking down RDC connection



cliffdi
07-10-2005, 12:10 AM
I have RDC working well now, but I'd like to lock down where it can be
accessed from (e.g. by MAC address).

Alternatively, is anyone aware of a hardware solution that would provide
stronger authentication using public/private key technology?

Thanks

Cliff

Sooner Al [MVP]
07-10-2005, 12:10 AM
Not by MAC address, but some firewalls permit rules to only allow certain IP
addresses access...

Being a home user I can't speak to the issue of hardware-based firewall
systems that may use private/public keys for authentication. Personally I
have used RDP through an SSH2 tunnel with a 2048-bit RSA private/public key
pair to access my home LAN. I am now experimenting with a free SSL-VPN
solution, which seems to be working very well...

http://3sp.com/showSslExplorer.do

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"cliffdi" <cliffdi@discussions.microsoft.com> wrote in message
news:7B226F2D-37CE-4790-AF7C-2517BF910D38@microsoft.com...
> I have RDC working well now, but I'd like to lock down where it can be
> accessed from (e.g. by MAC address).
>
> Alternatively, is anyone aware of a hardware solution that would provide
> stronger authentication using public/private key technology?
>
> Thanks
>
> Cliff
>

cliffdi
07-10-2005, 12:10 AM
Al, thanks again. Both solutions look pretty cool. Will experiment.

For the hardware solution, I was thinking more along the lines of the
Aladdin eToken. It's a USB dongle-type device that has to be physically
present to log in to Windows (with Aladdin's GINA installed). It's not
completely secure though (mind you though, what is?).

Cheers

Cliff

"Sooner Al [MVP]" wrote:

> Not by MAC address, but some firewalls permit rules to only allow certain IP
> addresses access...
>
> Being a home user I can't speak to the issue of hardware-based firewall
> systems that may use private/public keys for authentication. Personally I
> have used RDP through an SSH2 tunnel with a 2048-bit RSA private/public key
> pair to access my home LAN. I am now experimenting with a free SSL-VPN
> solution, which seems to be working very well...
>
> http://3sp.com/showSslExplorer.do
>
> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "cliffdi" <cliffdi@discussions.microsoft.com> wrote in message
> news:7B226F2D-37CE-4790-AF7C-2517BF910D38@microsoft.com...
> > I have RDC working well now, but I'd like to lock down where it can be
> > accessed from (e.g. by MAC address).
> >
> > Alternatively, is anyone aware of a hardware solution that would provide
> > stronger authentication using public/private key technology?
> >
> > Thanks
> >
> > Cliff
> >
>
>
>

