Re: TS in a DMZ
From: Edmund Davis (edmund_davis_at_nospam.hotmail.com)
Date: 02/05/04
- Next message: Keith: "Re: TS in a DMZ"
- Previous message: Edmund Davis: "Re: Best way ? ?"
- In reply to: Keith: "TS in a DMZ"
- Next in thread: Keith: "Re: TS in a DMZ"
- Reply: Keith: "Re: TS in a DMZ"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 5 Feb 2004 15:45:29 -0000
Hi Keith,
My opinion is that it's certainly possible but probably isn't secure -
especially if you are running a web server on the same system.
In order to do it, you would have to create a rule in the firewall to allow
traffic (Netbios, kerberos etc) from the terminal server to the internal
network which would obviously also allow traffic from the web server to the
internal network so, if the web server was compromised, it could be used to
attach the internal network.
Security is not an exact science so there may be other opinions but I
suggest that you can publish a terminal server (using just port 3389) but
you would want to make sure that it wasn't accessible in any other way -
http or otherwise.
Regards,
"Keith" <@.> wrote in message news:O7AAed86DHA.2056@TK2MSFTNGP10.phx.gbl...
> I have a spare server here that I was going to install 2k on and put it in
> my DMZ to use as a web server.
>
> I just got to thinking whether it would be possible without breaching DMZ
> security to put Terminal Services on this machine in such a way that a
user
> logging into TS could access their resources (files/email/printers)
located
> on a server on our LAN.
>
> Any one know if this is (a) possible and (b) secure?
- Next message: Keith: "Re: TS in a DMZ"
- Previous message: Edmund Davis: "Re: Best way ? ?"
- In reply to: Keith: "TS in a DMZ"
- Next in thread: Keith: "Re: TS in a DMZ"
- Reply: Keith: "Re: TS in a DMZ"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
