Vulnerability / Virus

[Guest]

Is there any significant vulnerability when allowing unknown computers to
access a Terminal Server via Remote Desktop? We are currently allowing
user’s access with a company provided laptop, but the thought is to allow
employees to access to the server from their home computers. My concern is
mainly that they could infect the server with a virus / Trojan.

There is no way that we could control whether or not their machines have the
latest virus protection files etc... Are there any security issues we should
be aware of?

 

[Guest]

I don't believe there's a virus/trojan that goes from the local computer,
over the rdp connection, to the server. The greatest danger is letting users
surf the web on the server, then you have to constantly be monitoring the
server for spyware.

 

[Lucvdv]

I don't believe there's a virus/trojan that goes from the local computer,
over the rdp connection, to the server. The greatest danger is letting users
surf the web on the server, then you have to constantly be monitoring the
server for spyware.

But be careful with installing anti-spyware products on the server,
there's at least one (Webroot SpySweeper) that can render terminal
services unaccessible.

Symptoms: one connection can be made after boot, from the second attempt
on you get an error message "Attempt to send a message to a disconnected
communication port", event ID 55, in the server's event log.

I had the problem, and Google came up with this:
http://www.computing.net/windows2000/wwwboard/forum/62214.html

After I did as the poster indicated in the second message, the problem
went away. It could be an (un)lucky coincidence, but that would make at
least two of them.