I wanted to know about security issues regarding the Win 2003 server terminal server and if it's safe to open the terminal server's port and point it to my server so I can access it. I'm asking this since for a certain reason I can't use VPN. So I wanted to know if it is safe to just use TS.
thanks
So long as you have good passwords on all of your system accounts to that server, and you have the server patched and so forth, you should be okay. I'd offer one suggestion though: if you can set up a rule or Access Control List on your router or firewall to only allow you access from your home network, or satellite office, you'll be even better off. The server won't respond unless the request is from the static IP you reference in the ACL.
You can install TS in your local LAN and point all port 3389 (TS) requests to your internal TS server. So yes, it will be secure. Of course the normal hardening of any Windows system still applies (don't forget internal threats also exist).
I have to play devil's advocate and say that you shouldn't allow TS connections over the Internet. If you have TS running and TCP port 3389 open on the Internet, then it does leave open a large attack vector into your network. All someone would need to do is run a program like TSCRACK (a Terminal Services password cracker program) against a known user account, and they would be in. Now, yes, unless you know of a valid user account (like Administrator or Guest) then you just have to run it and hope for the best! You can't enumerate user accounts over the TS connection (unlike the anonymous user enumeration that is possible over TCP port 139/445) but you could still try and guess the Administrator password. I just wouldn't do this if I were you.
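The password-guessing risk raised in this reply, and the source-IP ACL suggested earlier in the thread, can both be checked from the server's Security log. The following is an added example, not code from any poster: it assumes the log has been exported to CSV with the hypothetical column layout shown, and it uses constructed sample records and a hypothetical allow-listed address.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample: Security-log records exported to CSV (column layout is an assumption).
# Event ID 529 = failed logon (unknown user name or bad password) on Windows Server 2003;
# logon type 10 = RemoteInteractive, i.e. a Terminal Services logon.
SAMPLE = """time,event_id,logon_type,user,source_ip
2005-03-01 02:10:01,529,10,Administrator,203.0.113.50
2005-03-01 02:10:03,529,10,Administrator,203.0.113.50
2005-03-01 02:10:05,529,10,Administrator,203.0.113.50
2005-03-01 02:10:07,529,10,Administrator,203.0.113.50
2005-03-01 02:10:09,529,10,Administrator,203.0.113.50
2005-03-01 08:30:00,529,10,jsmith,198.51.100.7
2005-03-01 08:30:20,528,10,jsmith,198.51.100.7
2005-03-01 09:00:00,529,2,Administrator,127.0.0.1
"""

ALLOWED_SOURCES = {"198.51.100.7"}  # hypothetical static IP permitted by the firewall ACL

def find_guessing(csv_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted list of targeted users} for sources with at
    least `threshold` failed TS logons inside any sliding `window`."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    users = defaultdict(set)      # source_ip -> account names that were tried
    flagged = {}
    for row in csv.DictReader(StringIO(csv_text)):
        if row["event_id"] != "529" or row["logon_type"] != "10":
            continue  # keep only failed Terminal Services logons
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        src = row["source_ip"]
        q = recent[src]
        q.append(ts)
        users[src].add(row["user"])
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = sorted(users[src])
    return flagged

def outside_acl(csv_text, allowed=ALLOWED_SOURCES):
    """Source IPs that reached the TS logon prompt but are not on the allow-list,
    which means the router or firewall ACL is not filtering as intended."""
    rows = csv.DictReader(StringIO(csv_text))
    return sorted({r["source_ip"] for r in rows
                   if r["logon_type"] == "10" and r["source_ip"] not in allowed})
```

With the sample data, `find_guessing(SAMPLE)` flags the address that repeatedly failed against Administrator, and `outside_acl(SAMPLE)` reports the same address as one the ACL should have blocked.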
I am going to run TS, but I'll use my router's port forwarding feature to change the port (at the router) and I'll connect from another port; this way I'm just a little more secure.
2003 server terminal services!!
thanks