TS & Encryption


Burke

Hello

We are getting ready to roll out Windows 2000 using
Terminal Services and I am just curious what some opinions
out there might be about this issue. We currently don't
have a VPN setup and it seems to me that TS should be run
over an encrypted VPN connection. I am not totally
familiar with TS yet but any opinions would be grand.

Cheers
Burke
 
TS does encryption on the RDP traffic already - set it up to "High" under
Terminal Service Configuration, RDP-TCP connection properties. You can also
enable VPN access and then send the RDP traffic over the VPN connection.
----
Thanks,
Rakesh Chanana [MSFT]

When replying, please post to GROUP so that everyone can benefit from the
knowledge.

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


--------------------
 
Burke,

I use a VPN to connect to the office for a few reasons:

1) It allows me to restrict who can log in to the terminal server from home;
at the moment, there are only 4 people authorised to log in from home.

2) I believe it is better to present a VPN connection to the outside world
rather than a Windows login screen, but it also encrypts the RDP traffic
(which is already encrypted; it probably isn't that much more secure, but it
couldn't be less secure).

3) I have 2 servers, a dedicated TS for apps, and a domain
controller/file server/print server. Using a VPN means I only have to expose
one port to the internet, and can have access to both terminal servers
without having to modify the listening port.

Numbers 1 and 3 are the main reasons I use a VPN; number 2, if indeed it does
anything for security at all, is really just a benefit.

Of course, if you're not careful you could expose your whole network to the
internet, so there is no real better way; it comes down to necessity.
Remember, the whole network is only as secure as its weakest link, and once
you bring VPNs into it, you're including that outside computer in your
network.

If you do use a VPN, make sure that you enforce using the remote gateway as a
condition of using the server. If you don't want traffic to pass through your
internet connection, you can use some RRAS rules to block any non-LAN
traffic.

Hope that sheds some more light on it for you.

Tim Hall
 