Terminal Services Security

[Paul McGuire]

Next week i am in need to remotely access my network. The easiest for me it
to open the firewall for port 3389 to the ipaddress of the server. If i set
the security on the terminal server to High which should be 128 bit
encryption is this going to be secure? I understand that the user name and
password needs to be a hard password to guess. I have only allowed the
administrator accound the right to terminal service in via AD. Is there
anything else to consider?

TIA

Paul McGuire

 

[Steven L Umbach]

TS will be encrypted over the internet. If possible it would be more secure
to tunnel in through a L2TP VPN connection to the server because L2TP will
allow connections only from computers with a valid computer certificate.
Having said that I have used TS/RDP over the internet directly many times.
Security can also be greatly enhanced if you can configure your firewall to
accept connections to port 3389 TCP from only certain IP addresses though
that may not be possible if you are going to access from places that you
have no idea what the source IP address will be such as hotels. I suggest
you also rename the administrator account or disable if from being able to
use RDP and instead create another administrator account to use as those
that find port 3389 TCP open will try to logon as administrator if your
firewall allows a connection from their IP. --- Steve