Security Basics mailing list archives
Re: terminal server security vs vpn
From: Isaac Perez <suscripcions () tsolucio com>
Date: Tue, 14 Aug 2007 18:38:35 +0200
In two words Security in Depth. If you don't mind about security, put your internal windows server facing internet. If you are worried about what can happens do it trough vpn. You can have more layers of security, with strong authentication if you need. And exposing TS directly to internet can be dangerous if a exploit appears for you version of windows. It's clear that a exploit can appear for your firewall too, but firewall appliances are more suited for facing internet that windows host. That maybe you can't harden as good as needed in a bastion host if it is a production server for other software. You alsoo should consider making a DMZ if you can, so you can divide the functions of the server that can be accessible from the internet. El lun, 13-08-2007 a las 05:38 -0700, Juan B escribió:
Hi, I am looking for a solution to my users so they can log in from home and work connect to there office pc's, of course I will use terminlal server. My question is, why to use double encryption, why use vpn client to connect to the corporate FW and then to connect throw it with a ts session, AFAIK Ts is encrypted as well and one can set the encryption to high which is the same as VPN right? I want to nake the connection simple to the user and securure. do I need also a vpn client, I guess not, am I missing something here? I will also change the port to increase security. Thanks a lot, Juan ____________________________________________________________________________________ Need a vacation? Get great deals to amazing places on Yahoo! Travel. http://travel.yahoo.com/
-- Isaac Perez Moncho GSEC, SSP-GHD, SSP-MPA, Microsoft MCP. JPL TSolucio S.L www.tsolucio.com
Current thread:
- terminal server security vs vpn Juan B (Aug 13)
- Re: terminal server security vs vpn Chris Barber (Aug 13)
- RE: terminal server security vs vpn Brent Kern (Aug 14)
- Re: terminal server security vs vpn Ansgar -59cobalt- Wiechers (Aug 14)
- RE: terminal server security vs vpn Chandresh Dedhia (Aug 14)
- RE: terminal server security vs vpn Brent Kern (Aug 14)
- RE: terminal server security vs vpn Beauford, Jason (Aug 13)
- Re: terminal server security vs vpn Deno Vichas (Aug 13)
- RE: terminal server security vs vpn Mngadi, Simphiwe (SS) (Aug 14)
- Re: terminal server security vs vpn Isaac Perez (Aug 14)
- Re: terminal server security vs vpn Brian Loe (Aug 14)
- <Possible follow-ups>
- Re: terminal server security vs vpn abhicc285 (Aug 14)
- Re: terminal server security vs vpn nobledark (Aug 14)
- Re: terminal server security vs vpn Chris Barber (Aug 13)