How do I address security concerns with Terminal Services?

By simon.mirams
I want to persuade some of our insurance clients to use our applications over terminal services but they have resisted in the past on security grounds. They seem to consider opening up a port to be too risky and would rather have a web version of the product.

Has anyone come across or created a document/presentation that would help me convince them that this is a secure solution?

Internet security

by jdmercha In reply to How do I address security ...

The larger security concern is the data transmitted over the Internet. Both Terminal Services and web applications can send the same sensitive data. If you use a VPN to encrypt the data, then it doesn't matter which you use.

Perception is reality

by simon.mirams In reply to Internet security

In theory terminal services is more secure since you are only sending bitmaps of the screen rather than real data. However, it is not perceived that way. Perhaps because they already have access for internet but for terminal services they will need to open another hole in the firewall and this is seen as a risk.
So my problem is how to handle this objection from a security-conscious client.

Terminal services is often implemented improperly

by georgeou In reply to How do I address security ...

You need to enable TLS authentication (with a valid digital certificate and DNS entry on the server) with AES encryption. Most people have not implemented this and it is dangerous to run Terminal Services without this kind of setup.

Furthermore - even if Terminal Services is configured properly - you need to decide as a matter of policy if you want any computer in the entire world to connect to your PC remotely. That in itself can be considered dangerous if you have a policy that insists on a security token for a client on the public Internet. A good way to solve this requirement is to require a VPN to connect to the Terminal Server and require a physical security token to connect to the VPN.
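An added example, not part of the post above or of any product documentation: a PowerShell audit of the RDP listener settings that correspond to the TLS and encryption advice in that answer. The registry value names (`SecurityLayer`, `MinEncryptionLevel`, `SSLCertificateSHA1Hash`) are the standard Windows RDP-Tcp listener values and are assumptions not taken from the thread; the function name and the sample input are constructed for illustration.

```powershell
# Added example: checks RDP listener settings against "TLS with a valid certificate
# and strong encryption". Value names are Windows registry values, not from the thread.
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpListenerSettings {
    # $Settings: a hashtable, or the object returned by Get-ItemProperty on $ListenerKey
    param([Parameter(Mandatory)] $Settings)

    $findings = @()

    # SecurityLayer: 0 = native RDP security, 1 = negotiate, 2 = SSL/TLS required
    $layer = $Settings.SecurityLayer
    if ($null -eq $layer) {
        $findings += 'SecurityLayer is not set'
    } elseif ($layer -eq 0) {
        $findings += 'SecurityLayer=0: native RDP security, server is not authenticated by certificate'
    } elseif ($layer -eq 1) {
        $findings += 'SecurityLayer=1: negotiation allows fallback to native RDP security'
    } elseif ($layer -ne 2) {
        $findings += "SecurityLayer=$layer is not a recognized value"
    }

    # MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS
    $level = $Settings.MinEncryptionLevel
    if ($null -eq $level -or $level -lt 3) {
        $findings += "MinEncryptionLevel=$level is below High (3)"
    }

    # A thumbprint here means a specific certificate is bound to the listener
    if (-not $Settings.SSLCertificateSHA1Hash) {
        $findings += 'No certificate bound to the listener; confirm the server presents a CA-issued certificate matching its DNS name'
    }

    return ,$findings
}

# Constructed sample input: a listener left on negotiable security and
# client-compatible encryption, with no certificate bound
$sample = @{ SecurityLayer = 1; MinEncryptionLevel = 2 }
Test-RdpListenerSettings -Settings $sample | ForEach-Object { "FINDING: $_" }

# On a Terminal Server, audit the live listener instead:
# Test-RdpListenerSettings -Settings (Get-ItemProperty -Path $ListenerKey)
```

Group Policy can override these listener values, so a clean result here should be confirmed against the effective policy on the server.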

Good policy - now how do I sell it?

by simon.mirams In reply to Terminal services is ofte ...

The policy sounds clear but my real issue is how to sell it to the customer. The principal benefits of delivering over terminal services rather than a pure web app are mainly with us. Has anyone come up with a good case to sell to the client which proves that this is better for them as well?

There is no "right" way, only the better way

by georgeou In reply to Good policy - now how do ...

In my experience, a good rich application over RDP or Citrix is much faster to deploy and use than any web-based application.
