TS Web Security

Guest

I would like everyone to share their thoughts on this probable configuration.
I'm aware that the most secure method of deploying TSweb for external access
is more than likely VPN. However, I have potentially 200 users that will
need to connect. The administrative overhead of VPN would stretch our limited
staff to its capacity.

I decided to set TSweb up on the DMZ of a PIX firewall. I will only allow
external RDP traffic to that particular device. To ensure security I will
configure policy for only two login attempts and check the security logs on
an ongoing basis. Most importantly I will continuously monitor the RDP
security vulnerabilities. I like second opinions so can someone provide me
with a critique?

Thanks
 
-=D@n=-

shauncarter1 said:
I would like everyone to share their thoughts on this probable
configuration. I'm aware that the most secure method of deploying
TSweb for external access is more than likely VPN. However, I have
potentially 200 users that will need to connect. The administrative
overhead of VPN would stretch our limited staff to its capacity.

I decided to set TSweb up on the DMZ of a PIX firewall. I will only
allow external RDP traffic to that particular device. To ensure
security I will configure policy for only two login attempts and
check the security logs on an ongoing basis. Most importantly I will
continuously monitor the RDP security vulnerabilities. I like second
opinions so can someone provide me with a critique?

Thanks

Hi Shaun

I'm in a similar situation to you, but with a few fewer users. We host
applications for our customers, so VPN was out of the question due to the
same reasons you state. Our PIX lets through port 80 for the web page, and
port 22xxx (not telling you;) ) for RDP. You can change the listening port
on the server from 3389, and the web client can be changed using the
'MsRdpClient.AdvancedSettings2.RDPPort = "xxxx"' setting. At least then if
anyone sniffing sees an open port, it won't be as obvious what it is.

Other than that, decent passwords, and a beady eye, there's not much you can
do.
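
Added example, not code from either poster: one way to do the ongoing security-log review discussed in this thread. It reads failed RDP logons from a CSV export of the terminal server's Security log and reports accounts that reached the two-attempt lockout, plus any source address that failed against several different accounts while staying under that limit on each. The CSV layout, column names and sample rows are constructed for the example; event IDs 529 (Server 2003) and 4625 (Server 2008 and later) and logon type 10 are the standard Windows values for a failed Terminal Services logon.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (column names are assumptions for this example).
SAMPLE_EXPORT = """time,event_id,logon_type,account,source_ip
2005-03-01 02:10:01,529,10,alice,203.0.113.7
2005-03-01 02:10:09,529,10,bob,203.0.113.7
2005-03-01 02:10:15,529,10,carol,203.0.113.7
2005-03-01 08:31:40,529,10,dave,198.51.100.20
2005-03-01 08:31:55,529,10,dave,198.51.100.20
2005-03-01 08:40:02,528,10,erin,198.51.100.21
2005-03-01 09:02:11,529,3,frank,10.0.0.5
"""

FAILED_LOGON_IDS = {"529", "4625"}  # bad user name or password
REMOTE_INTERACTIVE = "10"           # logon type used by Terminal Services / RDP
LOCKOUT_THRESHOLD = 2               # the "two login attempts" policy from the thread


def review(export_text, max_accounts_per_source=3):
    """Summarise failed RDP logons from a CSV export of the Security log."""
    failures_per_account = defaultdict(int)
    accounts_per_source = defaultdict(set)

    for row in csv.DictReader(io.StringIO(export_text)):
        if row["event_id"] not in FAILED_LOGON_IDS:
            continue  # successful logons and unrelated events
        if row["logon_type"] != REMOTE_INTERACTIVE:
            continue  # failures that did not come in over RDP
        failures_per_account[row["account"]] += 1
        accounts_per_source[row["source_ip"]].add(row["account"])

    # Accounts that hit the lockout policy (could be a typo-prone user or
    # someone outside deliberately locking people out).
    at_lockout = sorted(a for a, n in failures_per_account.items()
                        if n >= LOCKOUT_THRESHOLD)
    # Sources that tried many accounts: a per-account lockout never fires
    # for these, so they only show up when failures are grouped by address.
    many_accounts = sorted(ip for ip, accts in accounts_per_source.items()
                           if len(accts) >= max_accounts_per_source)
    return {"at_lockout": at_lockout, "many_accounts": many_accounts}


if __name__ == "__main__":
    print(review(SAMPLE_EXPORT))
```
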
 
