Security Basics mailing list archives
RE: Terminal Services over VPN
From: LordInfidel <LordInfidel () Directionweb com>
Date: Fri, 15 Aug 2003 08:32:52 -0400
It makes sense that running a program thru a vpn, over the net would be slow. With TS, you are not really running a program on your machine and then have it fetch data over the net. You are simply getting "screen refreshes" of the remote system. Which is a small amount of data. Terminal Services does have it's own encryption. But that does not compare to a good vpn. Your inclination of running a vpn and then using terminal services thru the vpn is correct. The reasoning behind a vpn is 2 fold. The first and most obvious is encryption. The second is to give remote access into the network without having to open up dangerous ports to the world. In this scenario, you can shut off 3389 at the firewall. Have a user connect to the vpn, and then have them connect to the internal IP of the TS with their TSClient. Now there is no rule that says you have to allow every port/service thru the vpn. You can always lock the vpn down to only allow traffic over 3389. Which would give a very secure scenario. Even though you are using a vpn, also use the encryption inside TS. You can never be too safe. LordInfidel -----Original Message----- From: David Y. Ng [mailto:dng () cmhsweb org] Sent: Thursday, August 14, 2003 3:43 PM To: security-basics () securityfocus com Subject: Terminal Services over VPN Has anyone used Terminal Services over Microsoft's VPN server? I need to run some program off the server and when I used just the VPN, it was terribly slow. The solution on paper is to run the program off Terminal Services and just let it pass through the VPN which could be faster, supposedly. Any experiences with this? Is Terminal Services in itself secure? I read there's some form of encryption also but is it comparable to VPN in a way? --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Terminal Services over VPN David Y. Ng (Aug 14)
- Re: Terminal Services over VPN David Moisan (Aug 15)
- Re: Terminal Services over VPN Peter Van Eeckhoutte (Aug 15)
- Re: Terminal Services over VPN Paul Farag (Aug 16)
- Re: Terminal Services over VPN Ansgar Wiechers (Aug 18)
- <Possible follow-ups>
- RE: Terminal Services over VPN Geoffrey Shorter (Aug 15)
- Re: Terminal Services over VPN Craig Janssen (Aug 15)
- Re: Terminal Services over VPN Jaymz Ringler (Aug 15)
- RE: Terminal Services over VPN LordInfidel (Aug 15)
- RE: Terminal Services over VPN Filip Maertens (Aug 15)
- RE: Terminal Services over VPN Meidinger Chris (Aug 15)
- RE: Terminal Services over VPN Han Valk (Aug 18)
- Re: Terminal Services over VPN Chris Berry (Aug 18)
- Re: Terminal Services over VPN Tomasz Barbaszewski (Aug 27)