Web Based Access to W2k TS

  • Thread starter: Matthew Harris [MVP]

Matthew Harris [MVP]

answers are inline...
-----Original Message-----
Security Q's :
1. The problem is we are not altogether sure how secure
this solution is. Anyone got Suggestions?

You can configure the amount of encryption on the RDP data
stream through the terminal services configuration. 128-bit
encryption is available, which is pretty strong. You
can run it through a VPN, but the additional security may
not be worth it, since 128-bit encryption is already very
secure.

2. Secondly, if it's not secure, what can we do to resolve
this without purchasing additional HW & SW? If possible!!

See the above answer.

Ideally what I want is users to authenticate prior to
authenticating with the domain. (Can't use the firewall
because it is using one-to-one NAT.)

Any help would be appreciated.

AD

Well, if you absolutely need prior authentication, then a
VPN solution may be your best bet. However, you may just
want to get a smarter firewall that only allows certain
people from IP addresses access to your system(s).

-M
 
Thanks Matthew

Yeah we tested using only specific IP addresses but found
it too restrictive, users will not necessarily log on from
the same place.

As I'm not a hacker, does anyone know the likelihood of a
hacker actually figuring out the IP address and the port
number we use for RDP, then being able to hack on to the
domain? The firewall is configured not to allow ping or
any other utils; only http & rdp are enabled.

Thanks in advance.
 