Terminal Server secure implementation

juanp

Hi all,

I want to install Terminal Server on the LAN so users
can log in from home and connect to their PCs.

I need to implement this in a secure way. I read that TS
will encrypt all the traffic between the client and
server with RSA RC4 and a 128-bit key, so it's a VPN.
Why do many companies first install a VPN client on the
customer's PC to connect to a Cisco PIX, and then, after
the connection is established, open the Terminal
client and connect to the terminal server?

I don't see the benefit of encrypting the data twice.
I think that using just the TS encryption is enough to
establish a VPN over the Internet, along with changing the
default 3389 port and putting the TS server in the DMZ.

Am I wrong?

Thanks,

Juan
 
Steve Riley [MSFT]

No, TS over the Internet isn't a VPN. It is, however, one of several forms
of remote access to information on your network.

TS over the Internet is perfectly acceptable, provided that you secure it
correctly. By default, RDP authenticates the client to the server, but
doesn't authenticate the server to the client. To avoid the potential for a
man-in-the-middle attack, you need to enable mutual authentication.

This requires Windows Server 2003 SP 1 configured to use TLS for server
authentication and data encryption, RDP 5.2 on the clients, and some other
prerequisites. See http://support.microsoft.com/?id=895433 for more details.

Steve Riley
(e-mail address removed)
http://blogs.technet.com/steriley
 
