Security Basics mailing list archives
Re: Terminal Services over VPN
From: Tomasz Barbaszewski <tomekb () aba krakow pl>
Date: 27 Aug 2003 12:15:30 -0000
In-Reply-To: <3F3BE632.8010108 () cmhsweb org>
Received: (qmail 16249 invoked from network); 14 Aug 2003 22:09:57 -0000 Received: from outgoing3.securityfocus.com (205.206.231.27) by mail.securityfocus.com with SMTP; 14 Aug 2003 22:09:57 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing3.securityfocus.com (Postfix) with QMQP id E2371A3544; Thu, 14 Aug 2003 16:08:19 -0600 (MDT) Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Received: (qmail 24935 invoked from network); 14 Aug 2003 13:38:39 -0000 Message-ID: <3F3BE632.8010108 () cmhsweb org> Date: Thu, 14 Aug 2003 15:42:42 -0400 From: "David Y. Ng" <dng () cmhsweb org> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en MIME-Version: 1.0 To: security-basics () securityfocus com Subject: Terminal Services over VPN Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit
We are using IPSec in order to protect RDP transmissions. There is one trick - the best way is to do it in additional device. Personally we prepared LINUX+Free S/Wan box, which act as IPSec Gate between Thin Clients (equiped with IPSec) and MS Server. Result is very good. Server is working as usuall (w/o any changes), but all transmissions RDP Client to the IPSec Gate Box (it is standing on the server) are encrypted (even AES is possible). Solution is VERY FAST. We had testing over 100 simultaneous connections. You can use also CISCO, but it offer ~900 kpbs (w/o hardware acc.), but with Embedded Linux/Free S/Wan box you can reach easily 15-50 Mbps (I mean of course encrypted traffic). Similar idea is published as a SINA project in Germany (www.bsi.bund.de). Best regards Tomasz
Has anyone used Terminal Services over Microsoft's VPN server? I need to run some program off the server and when I used just the VPN, it was terribly slow. The solution on paper is to run the program off Terminal Services and just let it pass through the VPN which could be faster, supposedly. Any experiences with this? Is Terminal Services in itself secure? I read there's some form of encryption also but is it comparable to VPN in a way? --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: Terminal Services over VPN, (continued)
- Re: Terminal Services over VPN Paul Farag (Aug 16)
- Re: Terminal Services over VPN Ansgar Wiechers (Aug 18)
- RE: Terminal Services over VPN Geoffrey Shorter (Aug 15)
- Re: Terminal Services over VPN Craig Janssen (Aug 15)
- Re: Terminal Services over VPN Jaymz Ringler (Aug 15)
- RE: Terminal Services over VPN LordInfidel (Aug 15)
- RE: Terminal Services over VPN Filip Maertens (Aug 15)
- RE: Terminal Services over VPN Meidinger Chris (Aug 15)
- RE: Terminal Services over VPN Han Valk (Aug 18)
- Re: Terminal Services over VPN Chris Berry (Aug 18)
- Re: Terminal Services over VPN Tomasz Barbaszewski (Aug 27)
- Re: Terminal Services over VPN Paul Farag (Aug 16)