Security Basics mailing list archives
RE: Terminal services
From: "Boaz Shunami" <BoazS () comsecglobal com>
Date: Thu, 2 Oct 2008 23:38:42 +0300
Hi Fernando, Some pointers you may like to consider: 1. Will these users be trusted? If not, you may want to move the server outside your network/dmz to a segregated location. 2. Using terminal services means the users will be on your network, from remote. It also means that other entities, attackers for instance may take advantage of this connection. Best Regards, Boaz Shunami, QSA -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nikhil Wagholikar Sent: Wednesday, October 01, 2008 10:19 AM To: security-basics () securityfocus com Subject: Re: Terminal services Hi Velzaf, I guess this article can help you with your problem: How Secure are Windows Terminal Services? Link: http://www.windowsecurity.com/articles/Windows_Terminal_Services.html --- Nikhil Wagholikar Practice Lead | Security Assessment & Digital Forensics NII Consulting Web: http://www.niiconsulting.com/ Security Products: http://www.niiconsulting.com/products.html On Wed, Oct 1, 2008 at 1:31 AM, <velzaf () hotmail com> wrote:
Hi guys I need an opiniĆ³n from you related to terminal services. I need to provide a solution to allow some external clients to connect via Internet to a specific application. Those clients will use a laptop that don't belong to the enterprise, in fact they are not secure clients and we don't have any contact with the computers they connect with just to configure the connection. I have been thinking about the use of VPN, but I am not sure because their insecurity, I think TLS could be an option but I have not experience implementing that sort of solution, and I worry about their using several tools like tsgrinder or something like that. I know I need to restrict their options to the maximum maybe using Active directory. The server is Windows Server 2003 The clients could be xp or Vista. I would like to know your opinion Thanks in advance. Atte, Fernando Velazco.
********************************************************************************************** IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error, please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies thereof. *** eSafe scanned this email for viruses, vandals, and malicious content. *** **********************************************************************************************
Current thread:
- Re: Terminal services Rodrigo Blanco (Oct 01)
- RES: Terminal services Gilberto Fernandes (Oct 01)
- <Possible follow-ups>
- Re: Terminal services Nikhil Wagholikar (Oct 01)
- RE: Terminal services Boaz Shunami (Oct 02)
- Re: Terminal services velzaf (Oct 01)
- Re: Terminal services Dante Signal31 (Oct 10)
- RE: Terminal services Landriault, Yan (Oct 10)
- Re: Terminal services Dante Signal31 (Oct 10)