Azure hosting or similar
+ Reply to Thread
Page 3 of 3 FirstFirst 1 2 3
Posts 21 to 27 of 27
  1. #21

    Should post faster


    Join Date
    May 2007
    Posts
    135
    Thanks (Given)
    0
    Thanks (Received)
    1
    Likes (Given)
    0
    Likes (Received)
    4

    Default

    https://amazonlightsail.com/

    Windows Server:
    2 GB Memory
    1 Core Processor
    50 GB SSD Disk
    3 TB Data Transfer*

    $30 / 22.95 a month

    EDIT: It's Windows 2012 and 2016 only,so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).
    Last edited by Dante; 3rd November 2017 at 15:54.

  2. #22

    More time posting than coding


    Join Date
    Jun 2007
    Posts
    449
    Thanks (Given)
    0
    Thanks (Received)
    1
    Likes (Given)
    0
    Likes (Received)
    4

    Default

    Quote Originally Posted by Dante View Post
    https://amazonlightsail.com/

    Windows Server:
    2 GB Memory
    1 Core Processor
    50 GB SSD Disk
    3 TB Data Transfer*

    $30 / 22.95 a month

    EDIT: It's Windows 2012 and 2016 only,so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).
    This looks interesting, thanks. Will give it a spin. Pretty sure the app i need to use will work with 2012, possibly 2016. Will test it out.
    Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...

  3. #23

    More time posting than coding


    Join Date
    Feb 2017
    Posts
    288
    Thanks (Given)
    84
    Thanks (Received)
    10
    Likes (Given)
    508
    Likes (Received)
    39

    Default

    Quote Originally Posted by Spoiler View Post
    This looks interesting, thanks. Will give it a spin. Pretty sure the app i need to use will work with 2012, possibly 2016. Will test it out.
    Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...
    Yep, just install remote desktop gateway on the same server, and set up Duo. I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).

  4. #24

    More time posting than coding


    Join Date
    Feb 2017
    Posts
    288
    Thanks (Given)
    84
    Thanks (Received)
    10
    Likes (Given)
    508
    Likes (Received)
    39

  5. #25

    More time posting than coding


    Join Date
    Jun 2007
    Posts
    449
    Thanks (Given)
    0
    Thanks (Received)
    1
    Likes (Given)
    0
    Likes (Received)
    4

    Default

    Quote Originally Posted by SeanT View Post
    I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).
    Just trying to figure out exactly how that would work ...

    Spin up a Linux box in Lightsail, and run OpenVPN server on it.
    Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
    Then, connect to VPN Server from home PC and run RDP over it.
    If the admin account was secured with 2FA, then I'm still reliant on that working okay.
    If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
    Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???

  6. #26

    More time posting than coding


    Join Date
    Feb 2017
    Posts
    288
    Thanks (Given)
    84
    Thanks (Received)
    10
    Likes (Given)
    508
    Likes (Received)
    39

    Default

    Quote Originally Posted by Spoiler View Post
    Just trying to figure out exactly how that would work ...

    Spin up a Linux box in Lightsail, and run OpenVPN server on it.
    Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
    Then, connect to VPN Server from home PC and run RDP over it.
    If the admin account was secured with 2FA, then I'm still reliant on that working okay.
    If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
    Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???
    Windows firewall:

    RD Gateway on 443 open to the world.
    RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.

    Normal user access: RD via RD Gateway and Duo
    Admin user backdoor: VPN auth with certificate / key, RDP direct to server

  7. #27

    More time posting than coding


    Join Date
    Jun 2007
    Posts
    449
    Thanks (Given)
    0
    Thanks (Received)
    1
    Likes (Given)
    0
    Likes (Received)
    4

    Default

    Quote Originally Posted by SeanT View Post
    Windows firewall:

    RD Gateway on 443 open to the world.
    RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.

    Normal user access: RD via RD Gateway and Duo
    Admin user backdoor: VPN auth with certificate / key, RDP direct to server
    Thanks for the clarification

+ Reply to Thread
Page 3 of 3 FirstFirst 1 2 3

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Content Relevant URLs by vBSEO 3.6.0 ©2011, Crawlability, Inc.