General discussion

Locked

2003 server terminal services!!

By Navjun ·
I wanted to know about security issues regarding the Win 2003 server terminal server and if its safe to open the terminal servers port and point it to my server so I can Aceess. I'm asking this since for some a certain reason I can't use VPN. So I wanted to know if it is safe to just use TS.

thanks

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Mikel~T In reply to 2003 server terminal serv ...

So long as you have good passwords on all of your system accounts to that server, and you have the server patched and so forth, you should be okay. I'd offer one suggestion though: if you can setup a rule our Access Control List on your router or firewall to only allow you access from your home network, or satellite office, you'll be even better off. The server won't respond unless the request is from the static IP you reference in the ACL.

Hope this helps.

Mike

Collapse -

by Navjun In reply to

Poster rated this answer.

Collapse -

by Curacao_Dejavu In reply to 2003 server terminal serv ...

You can install TS in your local lan and point all port 3389 (TS) requested to your internal TS server.
So yes it will be secure.
Of course the normal hardening of any windows systems still applies (don't forget internal treasts also exists)

Leopold

Collapse -

by Navjun In reply to

Poster rated this answer.

Collapse -

by Joseph Moore In reply to 2003 server terminal serv ...

I have to play devil's advocate and say that you shouldn't allow TS connections over the Internet.
If you have TS running and TCP port 3389 open on the Internet, then it does leave open a large attack vector into your network. All someone would need to do is run a program like TSCRACK (a Terminal Services password cracker program) against a known user account, and they would be in. Now, yes, unless you know of a valid user account (like Administrator or Guest) then you just have to run it and hope for the best! You can't enumerate user accounts over the TS connection (unlike the anonymous user enumeration that is possible over TCP port 139/445) but you could still try and guess the Administrator password.
I just wouldn't do this if I were you.

Collapse -

by Navjun In reply to

Thank you for your responds,

I am going to run TS , but I'll Use my router port frwarding feature to change the port (at the router) and I'll connect from another port , this way i'm just a little more secure.

THanks again

Collapse -

by Navjun In reply to 2003 server terminal serv ...

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums