Security Basics mailing list archives

RE: Terminal Services over VPN


From: LordInfidel <LordInfidel () Directionweb com>
Date: Fri, 15 Aug 2003 08:32:52 -0400

It makes sense that running a program thru a vpn, over the net would be slow.
With TS, you are not really running a program on your machine and then have
it fetch data over the net.  You are simply getting "screen refreshes" of the
remote system.  Which is a small amount of data.

Terminal Services does have its own encryption.  But that does not compare
to a good vpn.  Your inclination of running a vpn and then using terminal
services thru the vpn is correct.

The reasoning behind a vpn is 2 fold.  The first and most obvious is
encryption.  The second is to give remote access into the network without
having to open up dangerous ports to the world.

In this scenario, you can shut off 3389 at the firewall.  Have a user connect
to the vpn, and then have them connect to the internal IP of the TS with
their TSClient.

Now there is no rule that says you have to allow every port/service thru the
vpn.  You can always lock the vpn down to only allow traffic over 3389.
Which would give a very secure scenario.

Even though you are using a vpn, also use the encryption inside TS.  You can
never be too safe.

LordInfidel

-----Original Message-----
From: David Y. Ng [mailto:dng () cmhsweb org]
Sent: Thursday, August 14, 2003 3:43 PM
To: security-basics () securityfocus com
Subject: Terminal Services over VPN


Has anyone used Terminal Services over Microsoft's VPN
server? I need to run some program off the server and when I
used just the VPN, it was terribly slow. The solution on paper
is to run the program off Terminal Services and just let it
pass through the VPN which could be faster, supposedly.

Any experiences with this? Is Terminal Services in itself
secure? I read there's some form of encryption also but
is it comparable to VPN in a way?
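
The lockdown described in the reply above (3389 closed at the firewall, VPN clients allowed only to TCP 3389 on the terminal server's internal IP), modelled as a small first-match packet filter with an audit of those properties. This is an added example, not part of the original thread; the addresses, the interface names "wan" and "vpn", and the first-match, default-deny semantics are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

# All addresses are constructed for illustration (RFC 1918 / RFC 5737 ranges).
VPN_POOL = ip_network("10.8.0.0/24")      # assumed pool handed to VPN clients
TS_HOST = ip_network("192.168.1.10/32")   # assumed internal IP of the TS
ANY = ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    iface: str             # "wan" (internet side) or "vpn" (tunnel side)
    src: object
    dst: object
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any port
    action: str

RULES = [
    Rule("vpn", VPN_POOL, TS_HOST, "tcp", 3389, "allow"),  # TS client traffic only
    Rule("vpn", ANY, ANY, None, None, "deny"),             # nothing else thru the VPN
    Rule("wan", ANY, ANY, "tcp", 3389, "deny"),            # 3389 shut off to the world
]

def decide(iface, src, dst, proto, dport, rules=RULES):
    """Return the action of the first matching rule; default is deny."""
    for r in rules:
        if (r.iface == iface and ip_address(src) in r.src
                and ip_address(dst) in r.dst
                and r.proto in (None, proto) and r.dport in (None, dport)):
            return r.action
    return "deny"

def audit(rules=RULES):
    """Check the properties the reply asks for; return a list of violations."""
    problems = []
    if decide("wan", "203.0.113.7", "192.168.1.10", "tcp", 3389, rules) != "deny":
        problems.append("3389 reachable from the internet")
    for dst, port in [("192.168.1.10", 445), ("192.168.1.20", 3389),
                      ("192.168.1.20", 445)]:
        if decide("vpn", "10.8.0.5", dst, "tcp", port, rules) != "deny":
            problems.append(f"VPN client can reach {dst}:{port}")
    if decide("vpn", "10.8.0.5", "192.168.1.10", "tcp", 3389, rules) != "allow":
        problems.append("VPN client cannot reach the terminal server")
    return problems

if __name__ == "__main__":
    print(audit() or "policy matches the described lockdown")
```

Running `audit()` against a rule set that lets the VPN pool reach everything, or that forwards 3389 from the internet side, lists each flow that breaks the lockdown.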

