Terminal Services


Peter Kaufman

How secure is a terminal services session with default policy, both
authentication and data transfer?

Thanks,

Peter
 
Hi Peter,

Thanks for your posting here.

Windows 2000 Terminal Services supports three levels of encryption: Low,
Medium, and High. The default encryption level is Medium, which is likely
to be appropriate for most networks. I recommend that you use the High
encryption level. This level encrypts the data transmission in both
directions by using a 128-bit key. The High setting prevents the
possibility of a malicious computer user breaking into the network and
installing a network packet analyzer to eavesdrop on the Terminal Services
sessions.

To Secure Communications
------------------------
To modify the encryption setting:

1. Click Start, point to Programs, point to Administrative Tools, point to
Terminal Services Items, and then click Terminal Services
Configuration.

2. Start the Terminal Services Configuration snap-in in Microsoft
Management Console (MMC).

3. Click the Connections branch, and then double-click the connection whose
encryption level you want to change.

4. Click the General tab.

5. In the "Encryption level" box, click the appropriate encryption level.

6. Click OK.

NOTE: The new encryption level takes effect the next time a user logs on.
If you require multiple levels of encryption on one server, install
multiple network adapters and configure each adapter separately.

For more information, please refer to the following articles.

HOW TO: Secure Communication Between a Client and Server with Terminal
Services
http://support.microsoft.com/?id=306561

Securing Windows 2000 Terminal Services
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/win2kts/maintain/optimize/secw2kts.asp

If you have any further questions or concerns, please feel free to let us
know. It is our pleasure to be of assistance.

Have a nice day!

Regards,
Bob Qin
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
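
The encryption level described in the reply above is set per connection, so an audit has to check every connection rather than one server-wide value. The following is an added example, not part of the original thread or Microsoft's own code: it parses a `.reg` export of the `WinStations` registry key and reports connections below High. It assumes the setting is stored as the `MinEncryptionLevel` DWORD (1 = Low, 2 = Medium, 3 = High), a registry location the thread itself does not mention; the export text and the connection names `RDP-Tcp-Admin` and `RDP-Tcp-Legacy` are constructed sample data.

```python
import re

# Assumed MinEncryptionLevel values for Windows 2000 Terminal Services.
LEVELS = {1: "Low", 2: "Medium", 3: "High"}
HIGH = 3

# Constructed sample: trimmed .reg export of
# HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d
"MinEncryptionLevel"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp-Admin]
"PortNumber"=dword:00000d3d
"MinEncryptionLevel"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp-Legacy]
"PortNumber"=dword:00000d3d
'''

# Matches only direct subkeys of WinStations (one key per connection).
KEY_RE = re.compile(r'^\[.+\\WinStations\\([^\\\]]+)\]$', re.IGNORECASE)
VAL_RE = re.compile(r'^"MinEncryptionLevel"=dword:([0-9a-f]{8})$', re.IGNORECASE)

def audit_encryption(reg_text):
    """Return {connection name: level, or None if the value is absent}."""
    result, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            result[current] = None
        elif line.startswith("["):
            current = None          # some other key: ignore its values
        elif current:
            val = VAL_RE.match(line)
            if val:
                result[current] = int(val.group(1), 16)
    return result

def below_high(levels):
    """Connections whose level is missing or lower than High."""
    return sorted(n for n, lvl in levels.items() if lvl is None or lvl < HIGH)

if __name__ == "__main__":
    levels = audit_encryption(SAMPLE_EXPORT)
    for name, lvl in sorted(levels.items()):
        print(f"{name}: {LEVELS.get(lvl, 'not set/unknown')}")
    print("Below High:", below_high(levels))
```
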
 
If you force use of highest encryption it should be safe. Better yet if you
can do it through vpn or ipsec tunnel if using over the internet and use a
firewall to restrict which ip addresses that the firewall will accept
connections on port 3389. The other main concern is password policy. Again
if this is for remote administration, be sure to use complex passwords and
consider renaming the administrator logon name. --- Steve
 