The Most Secure Way

  • Thread starter Thread starter create_share
  • Start date Start date
C

create_share

Guest
Hi!

How can we secure our Terminal Server and give access to internet users so
that they can use our ERP Application? We already have a firewall but since
TS is published on the internet behind this firewall, everybody can access
our TS just by entering the Public IP and can see our domain name in Remote
Desktop Dialog Box and can also login by guessing the username and password.

Thanks!
 
Re: The Most Secure Way

Here are my $0.02. One method is to require some sort of pre-authentication
or tunnel authentication. In case of ISA for example, you can require users
to authenticate before gaining access to the published TS. As for a tunnel
authentication - use any sort of VPN method.

--
Sincerely,

Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il

"create_share" <create_share@hotmail.com> wrote in message
news:453926AA-D88C-4766-A0BF-8FEAB910276A@microsoft.com...
> Hi!
>
> How can we secure our Terminal Server and give access to internet users so
> that they can use our ERP Application? We already have a firewall but
> since TS is published on the internet behind this firewall, everybody can
> access our TS just by entering the Public IP and can see our domain name
> in Remote Desktop Dialog Box and can also login by guessing the username
> and password.
>
> Thanks!
 
Re: The Most Secure Way

create_share wrote:
> Hi!
>
> How can we secure our Terminal Server and give access to internet users
> so that they can use our ERP Application? We already have a firewall but
> since TS is published on the internet behind this firewall, everybody
> can access our TS just by entering the Public IP and can see our domain
> name in Remote Desktop Dialog Box and can also login by guessing the
> username and password.
>
> Thanks!

I second Daniel's $.02 recommendation and I'll add an extra $.01 to that.

You may want to look into an SSL-VPN.

moncho
 
Re: The Most Secure Way

You could also use a 3rd party solution that installs on top of Terminal
Services and includes an SSL Gateway, Customizable Web Portal and Application
Publishing, so you don't have to open port 3389 to the public Internet, and
users connecting wouldn't be able to access any applications if you didn't
specifically assign them to these users.

Vendors that make such products include Provision Networks, Ericom, Citrix....


--
Patrick C. Rouse
Microsoft MVP - Terminal Server
SE, West Coast USA & Canada
Quest Software, Provision Networks Division
Virtual Client Solutions
http://www.provisionnetworks.com


"moncho" wrote:

> create_share wrote:
> > Hi!
> >
> > How can we secure our Terminal Server and give access to internet users
> > so that they can use our ERP Application? We already have a firewall but
> > since TS is published on the internet behind this firewall, everybody
> > can access our TS just by entering the Public IP and can see our domain
> > name in Remote Desktop Dialog Box and can also login by guessing the
> > username and password.
> >
> > Thanks!
>
> I second Daniel's $.02 recommendation and I'll add an extra $.01 to that.
>
> You may want to look into an SSL-VPN.
>
> moncho
>
 

Similar threads

T
Windows Server OS (2008, 2012, 2016) continues to use the old DNS addresses
Replies
0
Views
272
Todd Eichmann
T
BSchwarz
Windows 11 Introducing Windows 11
Replies
0
Views
1,086
BSchwarz
BSchwarz
M
ONSCREEN Spark puts Zoom calls on your TV – save 5% at Amazon
Replies
0
Views
129
Maren Estrada
M
C
This is one of the biggest Spider-Man: No Way Home leaks yet
Replies
0
Views
134
Chris Smith
C
C
Recommended way of encrypted low latency communication between 2 .NET WinForm application on different PCs
Replies
0
Views
119
CleverIT
C
Back
Top