Is TSAC via Web Secure?

G

Guest

Well CEO of the company wants all the sales people to
connect to the Terminal Server session via web
from...anywhere. He doesnt want them to use vpn. The idea
is to login to the terminal server from any pc outside of
office and use Terminal Server.

Which ports do I have to open to have outside access to
the Terminal Server thru Web? port 3389? or port 80 or
both?

Second question is ... what security threats do I expose
my network to by allowing access to Term Serv thru web?
How safe is it? How can I make it more secure?

Any help will be highly appreciated.
Thanks
 
G

Guest

You need to open TCP Port 3389 to the Terminal Server and Port 80 or 443 (HTTP or HTTPS) to the server hosting the Remote Desktop Web Connection (RDWC).

If you'll be requiring logon credentials to access the RDWC, then you should consider using SSL or Windows Authentication, but NOT unencrypted plain text. The Remote Desktop Web Connection is just a delivery mechanism for the Remote Desktop Active-X Client, so once they've connected to the Terminal Server the IIS Server is out of the loop and all traffic between client & TS happens via RDP

RDP Traffic is encrypted as stated here
By default, connections to terminal servers are secured by 128-bit, bi-directional RC4 encryption—when used with a client that supports 128-bit. (RDC is 128-bit by default). It is possible to connect with older clients using encryption lower than 128-bit, unless it’s specified that only high-encryption clients are allowed. An additional encryption level, labeled “FIPS Compliant†has been added to Terminal Server in Windows Server 2003. This level of security encrypts data sent from the client to the server, and from the server to the client, with the Federal Information Processing Standard (FIPS) encryption algorithms using Microsoft cryptographic modules. This new level of encryption is designed to provide compliance for organizations that require systems to be compliant with FIPS 140-1 (1994) and FIPS 140-2 (2001) standards for Security Requirements for Cryptographic Modules.

Patrick Rous
Microsoft MVP - Terminal Serve
http://www.workthin.co


----- (e-mail address removed) wrote: ----

Well CEO of the company wants all the sales people to
connect to the Terminal Server session via web
from...anywhere. He doesnt want them to use vpn. The idea
is to login to the terminal server from any pc outside of
office and use Terminal Server

Which ports do I have to open to have outside access to
the Terminal Server thru Web? port 3389? or port 80 or
both

Second question is ... what security threats do I expose
my network to by allowing access to Term Serv thru web?
How safe is it? How can I make it more secure

Any help will be highly appreciated
Thank
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

rdp client over internet 3
Allow only specific computers to access via Web TSAC 5
tsweb over firewall 1
How do I Block all traffic except RDP traffic to Terminal Server 2
Remote Desktop WebClient 1
multiple logins 1
Alternate port for Remote Desktop Web Connection ActiveX control 1
tcpip printing thru Terminal Services 1

Top