What Is The Best Way To Secure Terminal Services?

By Cudmasters Los

What is the best way to secure RDP on the server?

Buy a certificate? Not really sure how that works. I have heard of 2X client; is that used for RDP, or other ways?


Self signed certificates are okay.

by Spitfire_Sysop In reply to What Is The Best Way To S ...

You can just generate a certificate yourself. The client will then be warned that the cert cannot be verified and told not to connect. You will have to configure the client side or set expectations.

Better idea:
Use a firewall in front of the Terminal Server. You should have a gateway firewall device that allows VPN tunneling. Then you don't have to publish RDP externally (something you should never do).

If you have a nice VPN then the RDP is as secure as the tunnel it travels through. You can get pretty strong encryption on the VPN.

Once connected the client will look like it is inside the network and RDP will act normally.

cisco client vpn

by Cudmasters Los In reply to What Is The Best Way To S ...

Now when you say firewall, so I can understand better: a router has a firewall, and the terminal server or computer has a firewall, built in of course. Is there something more specific you're talking about? I hear a lot of people say to put a firewall, but I've never asked what they meant.

I have Cisco client VPN that I use for a PTP for 2 sites. I can have users connect the VPN and then use the local IP for login to the server. Essentially, this would be an extra step to connect, correct?

1. Connect VPN
2. Connect through RDP

Response To Answer

by robo_dev In reply to cisco client vpn

Using an SSL VPN would be a good solution. I use an open source app known as OpenALS (also known as Adito). This runs the RDP connection as a Java applet, meaning you connect via a web browser and the RDP connection is a separate browser window. The Cisco ASA SSL VPN works the same way for more $$$.

Beware that there are many hacks for native Terminal Services, so if you want to connect over the Internet, a VPN would be much more secure. I see at least a half-dozen automated attacks aimed at the standard RDP port in my firewall logs every single day.

Correction: the product I use is called OpenVPN ALS

by robo_dev In reply to What Is The Best Way To S ...

got that bass ackwards
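
The "VPN first, then RDP" setup recommended in this thread can also be enforced on the terminal server's own built-in firewall, so RDP is refused from anything that did not arrive through the tunnel. The following is an added example, not code from any poster in the thread. It assumes Windows Server 2012 or later (NetSecurity module), an English-language system where the built-in rules are in the 'Remote Desktop' display group, and a VPN client address pool of 10.8.0.0/24, which is a constructed value to replace with your own.

```powershell
# Run in an elevated PowerShell session on the terminal server.
# Assumption: VPN clients are handed addresses from this pool (constructed value).
$VpnSubnet = '10.8.0.0/24'

# 1. Audit: enabled inbound Remote Desktop rules and the sources they accept.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

foreach ($rule in $rdpRules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $addr.RemoteAddress -join ','
        # 'Any' means the host firewall would accept RDP from every source
        # the gateway lets through.
        OpenToAny     = $addr.RemoteAddress -contains 'Any'
    }
}

# 2. Restrict: accept RDP only from the VPN address pool.
$rdpRules | Set-NetFirewallRule -RemoteAddress $VpnSubnet

# 3. Verify: re-read the live address filters after the change.
$rdpRules | Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress
```

Apply step 2 from the console or an existing VPN session: once the scope is set, an RDP session coming from any other address is dropped.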

