Home page logo
/

basics logo Security Basics mailing list archives

Re: terminal server security vs vpn
From: Isaac Perez <suscripcions () tsolucio com>
Date: Tue, 14 Aug 2007 18:38:35 +0200

In two words Security in Depth.

If you don't mind about security, put your internal windows server
facing internet.
If you are worried about what can happens do it trough vpn.
You can have more layers of security, with strong authentication if you
need.
And exposing TS directly to internet can be dangerous if a exploit
appears for you version of windows. It's clear that a exploit can appear
for your firewall too, but firewall appliances are more suited for
facing internet that windows host. That maybe you can't harden as good
as needed in a bastion host if it is a production server for other
software.
You alsoo should consider making a DMZ if you can, so you can divide the
functions of the server that can be accessible from the internet.


El lun, 13-08-2007 a las 05:38 -0700, Juan B escribió:
Hi,

I am looking for a solution to my users so they can
log in from home and work connect to there office
pc's, of course I will use terminlal server.

My question is, why to use double encryption, why use
vpn client to connect to the corporate FW and then to
connect throw it with a ts session, AFAIK Ts is
encrypted as well and one can set the encryption to
high which is the same as VPN right?

I want to nake the connection simple to the user and
securure. do I need also a vpn client, I guess not, am
I missing something here?

I will also change the port to increase security.

Thanks a lot,

Juan 


       
____________________________________________________________________________________
Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/

-- 
Isaac Perez Moncho 
GSEC, SSP-GHD, SSP-MPA, Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]