Looking for a remote access solution
-
@dashrender said in Looking for a remote access solution:
@scottalanmiller said in Looking for a remote access solution:
To most people, VPN is purely a Netflix location trickery tool and has nothing to do with security or access to resources.
I don't know about that - at least not anymore. The pandemic I think brought VPN and security into the general consciousness.
Yes, but in the way that I said. Everyone knows the term, everyone thinks it's a thing for Netflix. Two years ago, a few people knew it. Now with the boom of YouTubers and these "VPN products" being sold through all the consumer channels, the pandemic has made "VPN as entertainment" a forefront thing.
-
@dashrender said in Looking for a remote access solution:
@scottalanmiller said in Looking for a remote access solution:
@jaredbusch said in Looking for a remote access solution:
@dashrender said in Looking for a remote access solution:
@jaredbusch said in Looking for a remote access solution:
Put ZeroTier on the box in the DC and the user's box. Restrict it to only RDP.
Done.
I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.
Then put the 2fa on the Windows RDP login with a service like Duo.
https://duo.com/docs/rdp
https://duo.com/editions-and-pricing/duo-free
Just use ZT to lower (all but remove) the attack surface.
That would get them up to 3FA (which isn't a bad thing) assuming ZT isn't somehow tied to some other authentication mechanism.
As it's been AGES since I've used ZT - can you make the user have to log into it each time they launch it? If yes - and its logon isn't associated with AD (as you mentioned) then OK - I see how you consider ZT and RDP MFA.
The user can be forced to start or stop the process. The fact that it uses a key (something you have) owned by the user makes it MFA regardless of if they automate the login or force it to be manual.
Don't try to compare it to Duo or something like that which uses "something you have" to generate "something you know." Compare it to a security USB stick like YubiKey. It's a direct "something you have" 2FA in that sense.