Re: terminal server security vs vpn

[Isaac Perez <suscripcions () tsolucio com>]

In two words Security in Depth.

If you don't mind about security, put your internal windows server
facing internet.
If you are worried about what can happens do it trough vpn.
You can have more layers of security, with strong authentication if you
need.
And exposing TS directly to internet can be dangerous if a exploit
appears for you version of windows. It's clear that a exploit can appear
for your firewall too, but firewall appliances are more suited for
facing internet that windows host. That maybe you can't harden as good
as needed in a bastion host if it is a production server for other
software.
You alsoo should consider making a DMZ if you can, so you can divide the
functions of the server that can be accessible from the internet.


El lun, 13-08-2007 a las 05:38 -0700, Juan B escribió:
> Hi,
>
> I am looking for a solution to my users so they can
> log in from home and work connect to there office
> pc's, of course I will use terminlal server.
>
> My question is, why to use double encryption, why use
> vpn client to connect to the corporate FW and then to
> connect throw it with a ts session, AFAIK Ts is
> encrypted as well and one can set the encryption to
> high which is the same as VPN right?
>
> I want to nake the connection simple to the user and
> securure. do I need also a vpn client, I guess not, am
> I missing something here?
>
> I will also change the port to increase security.
>
> Thanks a lot,
>
> Juan 
>
>
>        
> ____________________________________________________________________________________
> Need a vacation? Get great deals
> to amazing places on Yahoo! Travel.
> http://travel.yahoo.com/
-- 
Isaac Perez Moncho 
GSEC, SSP-GHD, SSP-MPA, Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com