security

  • Thread starter Thread starter asamol_it
  • Start date Start date
A

asamol_it

Can someone direct me to links about security and terminal service...both
admin and apps mode.

Can TS run in a VPN connection over the WAN...with the VPN slow down the TS?

Thanks,
Alex
 
RDP is very secure, offers 128 bit encryption and
requires only one TCP Port (3389). The advantage of
using only RDP (if that's all you need) is you know
what's going in/out of your firewall, whereas with VPN
people can put anything down a VPN tunnel which could
clow down your WAN pipe.

VPN is great to connect physically disconnected offices
for Active Directory Replication & Exchange Server
traffic, but I wouldn't implement one for road warriors
using Remote Desktop, as it can shlow their connections
quite a bit.

Anytime you add overhead you'll slow down traffic, but
will user's notice, this depends on whether it's a fat
WAN Pipe or dial-up.

RDP Sessions can operate on as little as 26.4Kbps
connections, however with VPN you'd be better off
watching grass grow at this speed. When I connect from
my home over 384Kbps ADSL I don't notice any slowdown
unless I enable desktop wallpaper on my session.
Printing & File Transfer work fine.

If you already have a VPN Infrastructure in place for
other things, then routing RDP traffic thru a site to
site VPN tunnel makes sense.

Patrick Rouse
Microsoft MVP - Terminal Server
 
Patrick,
Thanks for the information...however, I setup up TS on my win2k server and
login from a remote site and I had complete access to the LAN [every server
and desktop machine]... this is not good! Can some one link me to: HOW TO
set-up TS and keep access only on the TS machine. Is this done with ntfs
permissions, is that secure?
I thought the connection was great but what about security!
Thanks, Alex
 
Could you put the terminal server into a DMZ type of
situation where it is removed from the rest of your
network? Would it be possible to put this machine into a
different forest to maintain a security barrier between
the server and the rest of your farm?

-M
-----Original Message-----
Patrick,
Thanks for the information...however, I setup up TS on my win2k server and
login from a remote site and I had complete access to the LAN [every server
and desktop machine]... this is not good! Can some one link me to: HOW TO
set-up TS and keep access only on the TS machine. Is this done with ntfs
permissions, is that secure?
I thought the connection was great but what about security!
Thanks, Alex


Patrick Rouse said:
RDP is very secure, offers 128 bit encryption and
requires only one TCP Port (3389). The advantage of
using only RDP (if that's all you need) is you know
what's going in/out of your firewall, whereas with VPN
people can put anything down a VPN tunnel which could
clow down your WAN pipe.

VPN is great to connect physically disconnected offices
for Active Directory Replication & Exchange Server
traffic, but I wouldn't implement one for road warriors
using Remote Desktop, as it can shlow their connections
quite a bit.

Anytime you add overhead you'll slow down traffic, but
will user's notice, this depends on whether it's a fat
WAN Pipe or dial-up.

RDP Sessions can operate on as little as 26.4Kbps
connections, however with VPN you'd be better off
watching grass grow at this speed. When I connect from
my home over 384Kbps ADSL I don't notice any slowdown
unless I enable desktop wallpaper on my session.
Printing & File Transfer work fine.

If you already have a VPN Infrastructure in place for
other things, then routing RDP traffic thru a site to
site VPN tunnel makes sense.

Patrick Rouse
Microsoft MVP - Terminal Server
Click to expand...


.
Click to expand...
 
Back
Top