TermServer internet exposed security risk?

  • Thread starter Thread starter Dan
  • Start date Start date
D

Dan

I have terminal server (2000) on the internet with behind
a router with a static IP with the router forwarding 3389.

While i know that encryption can be increased for packets
transmitted is it not a security risk allowing anyone on
the net to access the login prompt? Is there a way
around this. Ie can i somehow generate some keys on the
server to be copied onto the clients so only the PC's
with they key(s) can get to the login, or am i too
paranoid?

I have the Server set to disable login after 6 failed
attempts for 1 hr but im still concerned, now easier is
2000 terminal server to hack?
 
You might want a firewall then...you can restrict which
IPs can access the terminal services logon prompt then.
For that matter, you can use a VPN solution to further
encrypt and tunnel your connections to only certain people.

Just off the top of my head, you could use the TSVer
utility (came with the Windows 2000 Resource Kit) to only
allow certain versions of the RDP client to connect to the
logon prompt, and then just give out a customized version
of your RDP client to certain people.

Try this link for info about tsver and customized versions:
http://terminal.servebeer.com/php/change_client_build.php

-M
 
Thanks for that.

I'll look into the RDP client option as clients are
dyanmic IP's for the time being until DSL contracts are
up :)
 
Back
Top