The Most Secure Way

[Guest create_share]

Hi!

 

How can we secure our Terminal Server and give access to internet users so

that they can use our ERP Application? We already have a firewall but since

TS is published on the internet behind this firewall, everybody can access

our TS just by entering the Public IP and can see our domain name in Remote

Desktop Dialog Box and can also login by guessing the username and password.

 

Thanks!

[Guest Daniel Petri]

Re: The Most Secure Way

 

Here are my $0.02. One method is to require some sort of pre-authentication

or tunnel authentication. In case of ISA for example, you can require users

to authenticate before gaining access to the published TS. As for a tunnel

authentication - use any sort of VPN method.

 

--

Sincerely,

 

Daniel Petri

MVP, Senior IT consultant, trainer

http://www.petri.co.il

 

"create_share" <create_share@hotmail.com> wrote in message

news:453926AA-D88C-4766-A0BF-8FEAB910276A@microsoft.com...

> Hi!

>

> How can we secure our Terminal Server and give access to internet users so

> that they can use our ERP Application? We already have a firewall but

> since TS is published on the internet behind this firewall, everybody can

> access our TS just by entering the Public IP and can see our domain name

> in Remote Desktop Dialog Box and can also login by guessing the username

> and password.

>

> Thanks!

[Guest moncho]

Re: The Most Secure Way

 

create_share wrote:

> Hi!

>

> How can we secure our Terminal Server and give access to internet users

> so that they can use our ERP Application? We already have a firewall but

> since TS is published on the internet behind this firewall, everybody

> can access our TS just by entering the Public IP and can see our domain

> name in Remote Desktop Dialog Box and can also login by guessing the

> username and password.

>

> Thanks!

 

I second Daniel's $.02 recommendation and I'll add an extra $.01 to that.

 

You may want to look into an SSL-VPN.

 

moncho

[Guest Patrick Rouse]

Re: The Most Secure Way

 

You could also use a 3rd party solution that installs on top of Terminal

Services and includes an SSL Gateway, Customizable Web Portal and Application

Publishing, so you don't have to open port 3389 to the public Internet, and

users connecting wouldn't be able to access any applications if you didn't

specifically assign them to these users.

 

Vendors that make such products include Provision Networks, Ericom, Citrix....

 

 

--

Patrick C. Rouse

Microsoft MVP - Terminal Server

SE, West Coast USA & Canada

Quest Software, Provision Networks Division

Virtual Client Solutions

http://www.provisionnetworks.com

 

 

"moncho" wrote:

> create_share wrote:

> > Hi!

> >

> > How can we secure our Terminal Server and give access to internet users

> > so that they can use our ERP Application? We already have a firewall but

> > since TS is published on the internet behind this firewall, everybody

> > can access our TS just by entering the Public IP and can see our domain

> > name in Remote Desktop Dialog Box and can also login by guessing the

> > username and password.

> >

> > Thanks!

>

> I second Daniel's $.02 recommendation and I'll add an extra $.01 to that.

>

> You may want to look into an SSL-VPN.

>

> moncho

>