Remote Desktop and VPN's

Hi

I'm currently wanting to make a Remote Desktop connection more secure by
implementing a VPN.

However, after setting up a VPN in Windows XP, I see that all you need to
set one up is the domain name, a username and password. I do not see how this
is any more secure than Remote Desktop as all you need for this is the
domain, username and password. My main concern of using the remote desktop
protocol is the leak of usernames and passwords via social engineering. Is
there someway of restricting access to the VPN server to only certain clients?

I am eventually wanting to set up the VPN on a Windows Server 2003 SP1
machine. Are there any differences between the VPN technologies on this to
Windows XP?

Thanks in anticipation.
Regards
Dan Rostron

Personally I use a Secure Shell (SSH) connection with a 2048-bit RSA
private/public key pair (encrypted with a strong pass phrase) versus a
password (strong or otherwise) for that reason and others.

http://theillustratednetwork.mvps.or...esktopSSH.html

Of course this is for remote access to my home LAN versus a corporate
environment.

Is this for a corporate/office/work environment or a home SOHO situation?

For the former you might look into using a IPSec/L2TP VPN versus a simple
PPTP VPN. I suggest you post to the
"microsoft.public.windows.server.general",
"microsoft.public.windows.server.networking" and/or
"microsoft.public.windows.terminal_services" news groups for additional help
with setting and using an IPSec/L2TP VPN on your Windows 2003 Server box and
the use of both Terminal Server and certificates.

Other information from MS...

http://www.microsoft.com/windowsserv...n/default.mspx

You also might consider an IPSec/L2TP end-point type router. Others can
speak to that solution.

For home you might also consider these free SSL VPN solutions...

http://openvpn.net/
http://3sp.com/showSslExplorer.do

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"danrostron" <danrostron@discussions.microsoft.com> wrote in message
news:BF92FB2D-90D1-4C38-9901-C77281D8935C@microsoft.com...
> Hi
>
> I'm currently wanting to make a Remote Desktop connection more secure by
> implementing a VPN.
>
> However, after setting up a VPN in Windows XP, I see that all you need to
> set one up is the domain name, a username and password. I do not see how
> this
> is any more secure than Remote Desktop as all you need for this is the
> domain, username and password. My main concern of using the remote desktop
> protocol is the leak of usernames and passwords via social engineering. Is
> there someway of restricting access to the VPN server to only certain
> clients?
>
> I am eventually wanting to set up the VPN on a Windows Server 2003 SP1
> machine. Are there any differences between the VPN technologies on this to
> Windows XP?
>
> Thanks in anticipation.
> Regards
> Dan Rostron
>

Hi

Thanks for that info. I've read all the links and decided to go with a PPTP
VPN solution, mainly because of it's low TCO. One point I read somewhere (but
can't remember where) was that setting up a PPTP VPN using Windows Server
2003 Web Edition would not allow more than 1 concurrent connection. Is this
true? Is there any alternative? I really need a VPN which can handle multiple
concurrent connections.

I know I could use one of the many open source alternatives, but mainly
wanted to use a Windows based VPN because of its ease of setup.

Thanks again.
Kind Regards
Dan Rostron

"Sooner Al [MVP]" wrote:

> Personally I use a Secure Shell (SSH) connection with a 2048-bit RSA
> private/public key pair (encrypted with a strong pass phrase) versus a
> password (strong or otherwise) for that reason and others.
>
> http://theillustratednetwork.mvps.or...esktopSSH.html
>
> Of course this is for remote access to my home LAN versus a corporate
> environment.
>
> Is this for a corporate/office/work environment or a home SOHO situation?
>
> For the former you might look into using a IPSec/L2TP VPN versus a simple
> PPTP VPN. I suggest you post to the
> "microsoft.public.windows.server.general",
> "microsoft.public.windows.server.networking" and/or
> "microsoft.public.windows.terminal_services" news groups for additional help
> with setting and using an IPSec/L2TP VPN on your Windows 2003 Server box and
> the use of both Terminal Server and certificates.
>
> Other information from MS...
>
> http://www.microsoft.com/windowsserv...n/default.mspx
>
> You also might consider an IPSec/L2TP end-point type router. Others can
> speak to that solution.
>
> For home you might also consider these free SSL VPN solutions...
>
> http://openvpn.net/
> http://3sp.com/showSslExplorer.do
>
> Good luck...
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "danrostron" <danrostron@discussions.microsoft.com> wrote in message
> news:BF92FB2D-90D1-4C38-9901-C77281D8935C@microsoft.com...
> > Hi
> >
> > I'm currently wanting to make a Remote Desktop connection more secure by
> > implementing a VPN.
> >
> > However, after setting up a VPN in Windows XP, I see that all you need to
> > set one up is the domain name, a username and password. I do not see how
> > this
> > is any more secure than Remote Desktop as all you need for this is the
> > domain, username and password. My main concern of using the remote desktop
> > protocol is the leak of usernames and passwords via social engineering. Is
> > there someway of restricting access to the VPN server to only certain
> > clients?
> >
> > I am eventually wanting to set up the VPN on a Windows Server 2003 SP1
> > machine. Are there any differences between the VPN technologies on this to
> > Windows XP?
> >
> > Thanks in anticipation.
> > Regards
> > Dan Rostron
> >
>
>
>

I would post the question about the PPTP web concurrent connections to the
server news group. I do know that is true if you use XP as a VPN server.

I do know that SSH, SSL and IPSec/L2TP VPN's can accept multiple concurrent
connections or a least can be configured to.

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"danrostron" <danrostron@discussions.microsoft.com> wrote in message
news:537C2A2A-8CDF-4880-8EC4-CC0E495E40DB@microsoft.com...
> Hi
>
> Thanks for that info. I've read all the links and decided to go with a
> PPTP
> VPN solution, mainly because of it's low TCO. One point I read somewhere
> (but
> can't remember where) was that setting up a PPTP VPN using Windows Server
> 2003 Web Edition would not allow more than 1 concurrent connection. Is
> this
> true? Is there any alternative? I really need a VPN which can handle
> multiple
> concurrent connections.
>
> I know I could use one of the many open source alternatives, but mainly
> wanted to use a Windows based VPN because of its ease of setup.
>
> Thanks again.
> Kind Regards
> Dan Rostron
>
> "Sooner Al [MVP]" wrote:
>
>> Personally I use a Secure Shell (SSH) connection with a 2048-bit RSA
>> private/public key pair (encrypted with a strong pass phrase) versus a
>> password (strong or otherwise) for that reason and others.
>>
>> http://theillustratednetwork.mvps.or...esktopSSH.html
>>
>> Of course this is for remote access to my home LAN versus a corporate
>> environment.
>>
>> Is this for a corporate/office/work environment or a home SOHO situation?
>>
>> For the former you might look into using a IPSec/L2TP VPN versus a simple
>> PPTP VPN. I suggest you post to the
>> "microsoft.public.windows.server.general",
>> "microsoft.public.windows.server.networking" and/or
>> "microsoft.public.windows.terminal_services" news groups for additional
>> help
>> with setting and using an IPSec/L2TP VPN on your Windows 2003 Server box
>> and
>> the use of both Terminal Server and certificates.
>>
>> Other information from MS...
>>
>> http://www.microsoft.com/windowsserv...n/default.mspx
>>
>> You also might consider an IPSec/L2TP end-point type router. Others can
>> speak to that solution.
>>
>> For home you might also consider these free SSL VPN solutions...
>>
>> http://openvpn.net/
>> http://3sp.com/showSslExplorer.do
>>
>> Good luck...
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>> "danrostron" <danrostron@discussions.microsoft.com> wrote in message
>> news:BF92FB2D-90D1-4C38-9901-C77281D8935C@microsoft.com...
>> > Hi
>> >
>> > I'm currently wanting to make a Remote Desktop connection more secure
>> > by
>> > implementing a VPN.
>> >
>> > However, after setting up a VPN in Windows XP, I see that all you need
>> > to
>> > set one up is the domain name, a username and password. I do not see
>> > how
>> > this
>> > is any more secure than Remote Desktop as all you need for this is the
>> > domain, username and password. My main concern of using the remote
>> > desktop
>> > protocol is the leak of usernames and passwords via social engineering.
>> > Is
>> > there someway of restricting access to the VPN server to only certain
>> > clients?
>> >
>> > I am eventually wanting to set up the VPN on a Windows Server 2003 SP1
>> > machine. Are there any differences between the VPN technologies on this
>> > to
>> > Windows XP?
>> >
>> > Thanks in anticipation.
>> > Regards
>> > Dan Rostron
>> >