I’ve done quite a bit of testing on this. You can move TS to a new port (443/80), but then that’s not really a proxy. You can use proxies for RDP and have the traffic tunneled over 443. I recommend this approach so that only authenticated users have access to the RDP/Citrix server rather than the Internet at large. However, I recommend against using SSL-based VPNs for network-layer access as they ignore client-side security. Do you really want users connecting from random PCs on the Internet that already have Trojans/backdoors installed? Then that hacked PC gives some other party full access to your network? Perhaps from a coffee bar where they forget to log off and walk away, giving an entire city access to your internal network? For remote access, stick with IPSec so that you can enforce strong authentication, firewall rules, and verify the presence of virus scanners.
-S
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bartsch, Vincent
Sent: Monday, April 28, 2003 9:15 PM
To: '[EMAIL PROTECTED]'
Subject: [VPN] SSL VPN
I am researching everything about SSL and its use as a VPN solution. I am aware of some of its limitations, but I was wondering whether anyone has tried this: allowed an SSL connection to a web server that lets the user open a connection to a terminal server. Or can it be configured to connect to a terminal server via an SSL connection directly? Has anyone tried this, and were they successful?
Again, I am just researching this thought. Any word back on this would be most appreciated, thanks.
Vincent