Re: Remote terminal service - Comments

From: "Jeff Pitsch" <jeff@xxxxxxxxxxxxxxxxx>
Date: Mon, 19 Dec 2005 16:07:37 -0500

I have not put anything up on external access to the terminal servers. I am
consistent in my comments on never allowing direct access to any server from
the Internet. If you search on my thousands of posts, you will see that I
never advocate that. There are many many solutions out there that allow
external access without exposing your servers to the internet. In this day
and age, does anyone truly believe that allowing this is a good idea? I'm
surprised that people even do this at all with everything that is ever
written, talked about, reported, etc on sites getting cracked every day,
espeically high security sites and this guy thinks that a 9 character
password is going to prevent his server from getting hacked. I'm sorry but
this is conversation that really shouldn't even be happening.

Jeff Pitsch
http://www.sbcgatekeeper.com
Your Terminal Services Security Website

"Frankster" <Frank@xxxxxxxxxxxxxx> wrote in message
news:KKOdnXefo7AAejvenZ2dnUVZ_s2dnZ2d@xxxxxxxxxxxxxxx
>> Not secure at all.
>
> Jeff,
>
> After reading some info on your site (not all), including your two
> downloadable files (ppt briefs), it seems that your approach to securing
> TS can be summed us as mostly "OS Hardening". Or "Network Hardening".
> Basically, using server built-in controls to harden the installation.
>
> Is that right?
>
> -Frank
>

.

Follow-Ups:
- Re: Remote terminal service - Comments
  - From: Frankster
- Re: Remote terminal service - Comments
  - From: myname

References:
- Remote terminal service - Comments
  - From: myname
- Re: Remote terminal service - Comments
  - From: Jeff Pitsch
- Re: Remote terminal service - Comments
  - From: Frankster

Prev by Date: Re: can not log in to TS
Next by Date: Re: Viewing all Processes
Previous by thread: Re: Remote terminal service - Comments
Next by thread: Re: Remote terminal service - Comments
Index(es):
- Date
- Thread

Relevant Pages

Re: Cannot see license server
... and the Terminal Servers is running 2003. ... >> servers are running Windows 2003 Server. ... >> access the license server may have been removed. ... > OK, that might well be the cause (tightened security, I mean). ...
(microsoft.public.windows.terminal_services)
Re: Cannot see license server
... >> But this situation will arise if the DC (= TS Licensing Server) ... and the Terminal Servers is running 2003. ... >> 279561 - How to Override the License Server Discovery Process ... OK, that might well be the cause (tightened security, I mean). ...
(microsoft.public.windows.terminal_services)
Re: New Domain
... >current domain name is xxxxx.local (no external access) ... >I want to add our www.xxxxx.com to this server and send and receive emails ... Add the domain name to the recipient policy and make it the primary ... server to the SMTP Virtual Server's property page. ...
(microsoft.public.exchange.admin)
Re: Where are JSP session variables stored?
... If the session object is stored only in RAM, ... If it's stored in persistent storage, ... all of this is occuring on the server side, ... I'm presuming that the server is secured from external access in ...
(comp.lang.java.programmer)
Re: RWW not working
... The easiest way to fix this is to re-run CEICW and, when the wizard asks, make sure you tell it to allow external access. ... SBS 2003 server: ... are not allowed to access the Web site, and the IP address of your browsing ...
(microsoft.public.windows.server.sbs)