Security for Roaming Users

Security for Roaming Users

I am evaluating Desktop Central in my environment currently.  I have a Central server setup on our LAN and a distribution server setup in our DMZ.  I have setup a Remote Office called "External Connectivity" for all off-LAN computers to connect through a DS in the DMZ.  I have an IP scope setup for our LAN and have the default Remote Site set to "External Connectivity"  We have many users that never come into the office.  I have changed the default port to come across port 443.  This is opened in our firewall.  When users come into the site, they access the LAN server directly and when they travel they access the server in the DMZ over https.  Everything works great. 

I have one problem though.

It seems that when I browse to this server using a normal web browser over the internet I am able to see the "Index of /" page and all the replication data on the DS.  And if browse into  https://servername/client-data/1/domains/domain/meta-data.xml I am able to see our NetBIOS domain name.  Also, it appears that software packages and other inventory information would be easily accessible through this directory structure.

Is this expected or do I have something configured incorrectly?  Is there a way to put some security on it.  Maybe some form of authentication?  

I ask because I'm not sure how comfortable I would be using this software knowing that this information is so easily obtainable.

Perhaps there is another more secure method for getting roaming laptop user's agents to check in.  The main requirement is that they need to connect over port 443, since many of the sites (not owned by us) where we have employees block outgoing traffic on other non-web traffic ports.  And we don't want to use VPN for this since we have a difficult time getting our staff to connect them on a regular basis.

Thanks for the help!

                New to ADSelfService Plus?