Terminal Services Hardening >> was >> Re: Windows Remote Desktop

[jamesworld () intelligencia com]

Go into TS properties and set Security ACL's on the TS config.

Create a  deny and an allow group and audit on them.

Check your logs regularly :-)

If you want some authentication.....tunnel your TS session through a SSH 
tunnel.

There are free and low cost offerings for windows, search the net.  That 
will give you an additional level of auth + you get encryption.

-James

At 03:14 01/20/2004, erisk wrote:
> Hi all,
>
> On the topic of securing RDP i was wondering if anyone can help....
>
> So far I have done the following on one of soon to be released Terminal
> servers where we want only small amount of users to acces it from their
> homes or other remote locations:
>
> (1) Hardend box, virus, patches, strong password controls etc
> (2) Changed the default port to something way up there..
> (3) Enforced 128 bit encryption on the sessions
>
> Now everything works fine but Im still security concious and would like to
> know anymore tweeks to improve the overall security of Terminal Services.. I
> thought about two factor but we cant afford SecureID... Has anyone else got
> any other ideas or what they have done to their boxes? Something that is
> free or cheap and token based perhaps?
>
> Regards,
> Nick


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------