RE: TS\Windows2003Server
I wouldn't expose a Terminal Server directly to the Internet. Computer
certificates could be used but depolying these is difficult.
What I would recommend is the most common way to provide secure remote
access to Terminal Servers:
1. Place an SSL Reverse Proxy in your DMZ
2. Have users access the Terminal Server(s) on the private network via the
server/device in the DMZ.
With this access method users never have direct access to your Terminal
Servers, and all access is proxied by the computer in the DMZ. There are
zero ports open from the public Internet (untrusted network) to the corporate
(private) network.
Examples of this type of access are:
Server 2008 TS Gateway
Provision Networks Secure-IT
Citrix Secure Gateway
If you want even more security, consider implementing secondary
authentication like SecureID or SafeWord in addition to using the SSL Reverse
Proxy.
--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Systems Consultant
Quest Software, Provision Networks Division
Virtual Client Solutions
http://www.provisionnetworks.com
"gh" wrote:
> We have several users who connect to our server, using TS, over an
> internet connection. We have noticed that there have been a lot of
> users trying to get into our server, using TS. We need to secure it
> better and would like to know if we can use certificates, on the clients
> PC to authenticate them?
>
> TIA
> 