Is TSAC via Web Secure?

Guest

Well CEO of the company wants all the sales people to
connect to the Terminal Server session via web
from...anywhere. He doesn't want them to use vpn. The idea
is to login to the terminal server from any pc outside of
office and use Terminal Server.

Which ports do I have to open to have outside access to
the Terminal Server thru Web? port 3389? or port 80 or
both?

Second question is ... what security threats do I expose
my network to by allowing access to Term Serv thru web?
How safe is it? How can I make it more secure?

Any help will be highly appreciated.
Thanks
 
You need to open TCP Port 3389 to the Terminal Server and Port 80 or 443 (HTTP or HTTPS) to the server hosting the Remote Desktop Web Connection (RDWC).

If you'll be requiring logon credentials to access the RDWC, then you should consider using SSL or Windows Authentication, but NOT unencrypted plain text. The Remote Desktop Web Connection is just a delivery mechanism for the Remote Desktop Active-X Client, so once they've connected to the Terminal Server the IIS Server is out of the loop and all traffic between client & TS happens via RDP.

RDP Traffic is encrypted as stated here:

"By default, connections to terminal servers are secured by 128-bit, bi-directional RC4 encryption—when used with a client that supports 128-bit. (RDC is 128-bit by default). It is possible to connect with older clients using encryption lower than 128-bit, unless it’s specified that only high-encryption clients are allowed. An additional encryption level, labeled “FIPS Compliant” has been added to Terminal Server in Windows Server 2003. This level of security encrypts data sent from the client to the server, and from the server to the client, with the Federal Information Processing Standard (FIPS) encryption algorithms using Microsoft cryptographic modules. This new level of encryption is designed to provide compliance for organizations that require systems to be compliant with FIPS 140-1 (1994) and FIPS 140-2 (2001) standards for Security Requirements for Cryptographic Modules."

Patrick Rous
Microsoft MVP - Terminal Serve
http://www.workthin.co
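The quoted passage notes that older clients can connect with less than 128-bit encryption unless only high-encryption clients are allowed. The following is an added example, not part of the thread: a PowerShell check, run on the terminal server, that reports the minimum encryption level and the listener port before TCP 3389 is opened at the firewall. It assumes the standard Windows registry locations for the RDP-Tcp listener and the Terminal Services policy, which the thread does not mention.

```powershell
# Added example (not from the thread): audit the RDP listener before exposing it.
# MinEncryptionLevel values: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant.
$levels = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

# Assumed standard locations. A Group Policy value, when present, overrides the listener's own.
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpMinEncryptionLevel {
    # Return the first configured value together with where it came from.
    foreach ($key in @($policyKey, $listenerKey)) {
        $item = Get-ItemProperty -Path $key -Name MinEncryptionLevel -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $key; Level = [int]$item.MinEncryptionLevel }
        }
    }
    return $null
}

# The port the listener is bound to; the firewall rule must match this (3389 by default).
$port = (Get-ItemProperty -Path $listenerKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
Write-Output "RDP listener port: $port"

$result = Get-RdpMinEncryptionLevel
if ($null -eq $result) {
    Write-Warning 'MinEncryptionLevel is not set in either location; check the listener configuration by hand.'
    exit 2
}

$name = $levels[$result.Level]
if (-not $name) { $name = 'Unknown' }
Write-Output "Minimum encryption level: $($result.Level) ($name), read from $($result.Source)"

if ($result.Level -ge 3) {
    Write-Output 'OK: only high-encryption (128-bit) or FIPS clients are accepted.'
} else {
    Write-Warning 'Clients using less than 128-bit encryption can still connect; require High or FIPS Compliant.'
    exit 1
}
```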

