Locking down RDC connection

[Guest]

I have RDC working well now, but I'd like to lock down where it can be
accessed from (e.g. by MAC address).

Alternatively is anyone aware of a hardware solution that would provide
stonger authentication using public/private key technology?

Thanks

Cliff

 

[Sooner Al [MVP]]

Not by MAC address, but some firewalls permit rules to only allow certain IP
addresses access...

Being a home user I can't speak to the issue of hardware based firewall
systems that may use private/public keys for authentication. Personally I
have used RDP through a SSH2 tunnel with a 2048-bit RSA private/public key
pair to access my home LAN. I am now experimenting with a free SSL-VPN
solution, which seems to be working very well...

http://3sp.com/showSslExplorer.do

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Guest]

Al, thanks again. Both solutions look pretty cool. Will experiment.

For the hardware solution, I was thinking more along the lines of the
Aladdin eToken. It's a USB dongle-type device that has to be physically
present to log-in to Windows (with Aladdin's GINA installed). It's not
completely secure though (mind you though, what is?)

Cheers

Cliff

 

[Jeffrey Randow (MVP)]

Be careful with 3-rd party GINA's and Remote Desktop... Some have
been known to be incompatible with RD...

Check to make sure that they support working over a Remote
Desktop/Terminal Services "session".
---
Jeffrey Randow (Windows Networking MVP)
(e-mail address removed)
http://www.networkblog.net (My Networking Blog)
http://www.remotenetworktechnology.com (Support Site)