Guest gh Posted September 5, 2008 Posted September 5, 2008 We have several users who connect to our server, using TS, over an internet connection. We have noticed that there have been a lot of users trying to get into our server, using TS. We need to secure it better and would like to know if we can use certificates, on the clients PC to authenticate them? TIA
Guest Patrick Rouse Posted September 6, 2008 Posted September 6, 2008 RE: TS\Windows2003Server I wouldn't expose a Terminal Server directly to the Internet. Computer certificates could be used but depolying these is difficult. What I would recommend is the most common way to provide secure remote access to Terminal Servers: 1. Place an SSL Reverse Proxy in your DMZ 2. Have users access the Terminal Server(s) on the private network via the server/device in the DMZ. With this access method users never have direct access to your Terminal Servers, and all access is proxied by the computer in the DMZ. There are zero ports open from the public Internet (untrusted network) to the corporate (private) network. Examples of this type of access are: Server 2008 TS Gateway Provision Networks Secure-IT Citrix Secure Gateway If you want even more security, consider implementing secondary authentication like SecureID or SafeWord in addition to using the SSL Reverse Proxy. -- Patrick C. Rouse Microsoft MVP - Terminal Server Systems Consultant Quest Software, Provision Networks Division Virtual Client Solutions http://www.provisionnetworks.com "gh" wrote: > We have several users who connect to our server, using TS, over an > internet connection. We have noticed that there have been a lot of > users trying to get into our server, using TS. We need to secure it > better and would like to know if we can use certificates, on the clients > PC to authenticate them? > > TIA >
Recommended Posts