I'm not kicking sand but when something is explained over and over it gets
very frustrating saying the same thing to the same people. You keep posting
the same questions over and over as if you will finally get the answer you
want to hear. Yet you keep getting the same answers, not just from me, but
others as well. So I guess you can take it as you will. By the way, I'm
responding to your comments, not the OP. I'm not trying to be a jerk but
obviously it came across that way. I just don't know how to explain it any
more clearly. Don't expose your internal network to the internet.
Jeff Pitsch
http://www.sbcgatekeeper.com
Your Terminal Services Security
"kiln" <kiln@brick-like.com> wrote in message
news:MPG.1e14a50be8c71faf98999e@msnews.microsoft.com...
> I want to provide a direct line into my LAN? How do you derive that? Or
> the OP? He specifically said they don't need LAN access.
>
> My original comments to you were an expression of puzzlement that you
> basically trashed the OP for asking if he was right in thinking that the
> vpn part of a client's current setup should be maintained. I'm not
> really sure if you're reading the posts carefully; the OP was resisting
> a client's suggestion, checking it out. You responded like the OP had
> already flung a LAN wide open to the internet. There is a major
> disconnect between what the OP said and what you responded to. You may
> know a lot about TS etc, but it doesn't mean that anyone asking
> questions here deserves to have sand kicked in their face.
>
> In article <eSpf5IyBGHA.2644@TK2MSFTNGP09.phx.gbl>,
> jeff@sbcgatekeeper.com says...
>> Most companies do not host their webservers from their internal network.
>> This is not a hard concept to grasp. You're wanting to provide a direct line
>> to your internal network. Companies do not do that (typically). It is a
>> very bad security measure. Do you seriously not see the implications in
>> that? Do you not understand that there are things called DMZs where
>> webservers reside? Nothing is invulnerable but you're going out of your way
>> to make it easier for someone to get to your internal network. Why would
>> you do that? A solution even as simple as 2xLoadbalancer is still better
>> than what you're suggesting.
>>
>> Jeff Pitsch
>> http://www.sbcgatekeeper.com
>> Your Terminal Services Security Website
>>
>> "kiln" <kiln@brick-like.com> wrote in message
>> news:MPG.1e1472eaa5ca38f498999c@msnews.microsoft.com...
>> > Your comments confuse me, and they are in the vein of other comments
>> > here that don't make sense to me. I don't think any "connection,
>> > firewall/vpn or not", is completely safe from penetration. Maybe there
>> > are some websites etc that are completely and utterly invulnerable to
>> > attack but I doubt it, as new exploits are always coming to light. Yet
>> > the risk/benefit ratio must be acceptable, else half of the internet
>> > would go away.
>> >
>> > I don't understand why, as far as I can tell, you and others think TS on
>> > the internet would only be acceptable if it was invulnerable to
>> > penetration? What makes it different from any web server? That's why I
>> > brought up etrade and online banks etc. There must be something behind
>> > what you're saying but I can't figure it out. It sounds like you only
>> > recommend using TS on internal LANs, unless it presents only anonymous
>> > and uninteresting data?
>> >
>> > You also said "Why would you host a TS box at another location and not
>> > provide any services?" I don't understand that either. I think you are
>> > referring to my statement that the ts box I'm talking about would not be
>> > connected to an internal lan, it'd be at an external web host's site.
>> > That doesn't mean it does not provide any services? Right???
>> >
>> > In article <cgxqf.219831$tD4.37575@tornado.ohiordc.rr.com>,
>> > void@nowhere.lan says...
>> >> In article <MPG.1e13c30bad53402198999a@msnews.microsoft.com>,
>> >> kiln@brick-like.com says...
>> >> > I'm not a network person so I don't have a lot of exposure. What's
>> >> > interesting about this is that at the end of the day, a ts setup as
>> >> > you've outlined would seem to be more secure than most websites that
>> >> > deal with important matters (etrade, online banking etc), even if they
>> >> > use https etc. No public websites use vpn/ip addresses. So it makes me
>> >> > wonder, in my case, since there is no corporate lan at risk, is the vpn
>> >> > needed? The server would contain data that is less sensitive than an
>> >> > online bank.