How Secure is TS sessions across the Internet


  • How Secure is TS sessions across the Internet

    Hi All

    We have deployed TS across our internal network for remote stations and testing labs so they can have dual purpose, but I have also deployed it on to one of our live Internet-based IPs running on port 80.

    I have used the Windows built-in firewall on Server 2003 to allow access via our designated subnets and some external IPs at remote locations, all connecting via the RDP client on port 80. I have set encryption levels to high via the TS manager, but my question is how secure is TS across live Internet connections, or am I best trying to employ a VPN around the TS session?

    Any advice on this would be great.

    Many Thanks

    Chris

  • #2
    Re: How Secure is TS sessions across the Internet

    A VPN allows you to employ multiple stages of user logon: there may be an X user + password to log on to the VPN and a Y user + password to log on to the TS.
    You can also use a smart card etc. to connect to the VPN, so the best answer from a security point of view is to deploy a VPN (or SSL VPN).
    Another option is to deploy the network as is, but this will open the network to auto login attempts. You can try to secure this deployment scenario with:

    1. Limit the ports and IPs that have access to the TS (via firewall or IPSEC filters).

    2. Publish TS by using ISA 2004 + Install Firewall for ISA on it.

    3. Deploy certificate authentication of the TS server (you will need Win 2003 SP1 for it) and use FIPS ciphering (requires XP clients with RDP 5.2 or Mobile 5.0 clients).

    4. Use password policy and so on.

    Terminal Server and Group Policy:


    How to apply Group Policy objects to Terminal Services servers

    http://support.microsoft.com/default...b;EN-US;260370

    Loopback Processing of Group Policy

    http://support.microsoft.com/?kbid=231287

    Security Settings - Software Restrictions

    http://www.computerperformance.co.uk...strictions.htm

    Introduction to Group Policy in Windows Server 2003

    http://www.microsoft.com/windowsserv...w/gpintro.mspx

    Windows Server 2003 Security Guide

    http://www.microsoft.com/downloads/d...displaylang=en

    Windows 2003 - Group Policy WMI Filters

    http://www.computerperformance.co.uk...MI_filters.htm


    Add on tools:


    User Profile Hive Cleanup Service

    http://www.microsoft.com/downloads/d...displaylang=en

    Regards,

    Yuval
    Last edited by yuval14; 13th October 2005, 00:18.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14
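
A read-only audit of the Terminal Services listener against the points raised in this thread (encryption level, certificate authentication, listening port), added here as an example and not posted by any participant. It assumes Windows PowerShell is installed on the server and uses the standard `RDP-Tcp` listener registry values; the value-to-name mappings come from Microsoft's documented settings, not from the thread.

```powershell
# Added example (not from the thread): read-only audit of the RDP-Tcp listener.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$cfg = Get-ItemProperty -Path $key -ErrorAction Stop

# Documented meanings of the listener's DWORD values.
$encNames   = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

# Hypothetical helper: translate a raw value, tolerating a missing one
# (SecurityLayer does not exist before Windows Server 2003 SP1).
function Get-Name($table, $value) {
    if ($value -eq $null) { return 'not set' }
    $v = [int]$value
    if ($table.ContainsKey($v)) { return $table[$v] }
    return "unknown ($v)"
}

"Listener port    : $($cfg.PortNumber)"
"Encryption level : $(Get-Name $encNames $cfg.MinEncryptionLevel)"
"Security layer   : $(Get-Name $layerNames $cfg.SecurityLayer)"

$findings = @()

# The thread asks for High at minimum, FIPS where clients support it.
if ($cfg.MinEncryptionLevel -eq $null -or [int]$cfg.MinEncryptionLevel -lt 3) {
    $findings += 'Encryption level is below High; set High or FIPS Compliant.'
}

# Certificate authentication of the server is only required when the layer is SSL.
if ($cfg.SecurityLayer -eq $null -or [int]$cfg.SecurityLayer -ne 2) {
    $findings += 'Security layer is not SSL; server certificate authentication is not required for every connection.'
}

# A moved listener (port 80 in this thread) needs its own firewall scope review.
if ([int]$cfg.PortNumber -ne 3389) {
    $findings += "Non-default port $($cfg.PortNumber): confirm the firewall exception for it is scoped to the intended subnets and remote IPs only."
}

if ($findings.Count -eq 0) {
    'No findings.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

The script changes nothing; it only reads the listener key, so it can be run before and after each hardening step to confirm the setting took effect.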



    • #3
      Re: How Secure is TS sessions across the Internet

      Cheers, lots to read up on. As the system basically stands, port 80 on the server is closed to all IP addresses that are not listed in the original firewall rule, so for the interim should it be able to offer a good level of security until I can get SSL-enabled connections and a certificate distribution server deployed?

      One other question: does the RDP client that's shipped with XP SP2 offer 128-bit encryption automatically?

      Cheers



      • #4
        Re: How Secure is TS sessions across the Internet

        You will need RDP 5.2 for certificate authentication:

        http://www.microsoft.com/technet/pro...d6146977b.mspx
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14
