
Securing Terminal Server for outside logins

Status: Not open for further replies.

dougnc

Programmer
Sep 2, 2001
62
US
The owners want to be able to get on the network from any location, like their vacation homes on the shore :).

I'm fairly experienced with Server 2000 and terminal services, but I'm wanting to set this up with maximum security, considering the limitation that I can't limit IPs.

I've ordered a separate server for this. We have a Cisco PIX firewall. What I want to do is route the terminal server accesses from the outside thru this server, and limit the logins to just a few. One concern is that employees who have logins to the main network not be able to login from the outside.

Another concern is that security is pretty lax on the main server, and I want another separate one I can monitor more thoroughly.

Any suggestions?

Thanks!
 
You know, here you have to be able to split this subject into its components.
The issues are:
- Access
- Authentication
Authentication to TS on Win2k is clear: can it authenticate that user? So, via the NOS you cannot sort this.
There is no way to limit the authentication of a user based on his location.
Access?
Here there are some tricks. People from outside will enter the network via a firewall. How? I suppose VPN. Using VPN with the help of a VPN PIX, it should allow you to make a set of users (2 users: TSuser, NO-TSuser) that will or will not enter the LAN. I don't know too much about PIX, but you have to check if you can say something like:
- RDP protocol forbidden for users x
or
- requests for server/network y forbidden


Gia Betiu
gia@almondeyes.net
Computer Eng. CNE 4, CNE 5, MCSE Win2K
new: (just started)
 
I'll have an outside IP dedicated to terminal services. The PIX firewall will route this outside IP to this server. That would control access.

Then, to get on the network, you'd have to authenticate thru this server.

Does that make any sense?
 
No. It will work just if those users will not be allowed to access the TS server at all, and this will not depend on the user location (you restrict the right to users x, y, z to have a TS session).
If you want to have users that from inside can access the server, but from outside not, then the firewall is the only one that could help you in the way I told you above.

Gia Betiu
gia@almondeyes.net
Computer Eng. CNE 4, CNE 5, MCSE Win2K
new: (just started)
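The split the thread arrives at, the PIX deciding what can reach the dedicated box and the box itself deciding who may open a session, as an added configuration sketch that is not from either poster. It uses PIX 6.x syntax; the outside address 203.0.113.10, the inside address 192.168.1.50, the interface names and the list name are constructed placeholders.

```text
! Added example, not from the thread. PIX 6.x syntax.
! Constructed addresses: 203.0.113.10 = the outside IP dedicated to
! terminal services, 192.168.1.50 = the new, separate Terminal Server.

! One-to-one mapping of the dedicated outside IP to the new server only,
! so the main server is never reachable through this address.
static (inside,outside) 203.0.113.10 192.168.1.50 netmask 255.255.255.255

! Only RDP (TCP 3389) is allowed in, and only to that one host. Source is
! "any" because, as the poster says, the owners' locations cannot be fixed.
access-list outside_in permit tcp any host 203.0.113.10 eq 3389
! Everything else arriving from outside is dropped.
access-list outside_in deny ip any any

! Apply the list inbound on the outside interface.
access-group outside_in in interface outside
```

The per-user half is then done on the new server alone: in Terminal Services Configuration the RDP-Tcp connection permissions, together with the Windows 2000 "Log on locally" right, are granted only to the few outside accounts, which staff accounts on the main server never receive.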
 