Re: TS Security Issue

So let me get this straight, because they do not know how to implement a
secure network that is somehow your problem? I would seriously think about
getting a different ASP.

Or am I misunderstanding something. they are allowing you to have a site to
site vpn tunnel correct? the ASP should easily be able to segment each
customer without any interference.

Jeff Pitsch
Microsoft MVP - Terminal Services
http://www.sbcgatekeeper.com
Your Terminal Services Security Website

"AndreZ" <shmoes@xxxxxxxxxxx> wrote in message
news:O8iiVTJPGHA.3360@xxxxxxxxxxxxxxxxxxxxxxx
well, they claim they have security between our information and other
customer information, the problem they have is our "mimimal" security
measure (as they put it) allows a user access to thier network, which is a
huge security bypass. They've made a suggestion to require remote TS users
to have a VPN connection before they're allowed to TS into the server ..
effectively disallowing any direct remote connection to the TS server..
the
problem I have with that is that limits the sales reps to the computers
they
have .. and they don't have the technical knowledge to setup a VPN on the
fly.



"Jeff Pitsch [MVP]" <jeff@xxxxxxxxxxxxxxxxx> wrote in message
news:%23a%233mnIPGHA.2012@xxxxxxxxxxxxxxxxxxxxxxx
Isn't hte ASP in control of the security to their servers? Why aren't
they
telling you how they want it done instead of leaving it up to you? I
guess
I'm confused on how your supposed to make it more secure when the servers
are on their end and in their control.

Jeff Pitsch
Microsoft MVP - Terminal Services
http://www.sbcgatekeeper.com
Your Terminal Services Security Website

"AndreZ" <shmoes@xxxxxxxxxxx> wrote in message
news:%23tUOciIPGHA.3144@xxxxxxxxxxxxxxxxxxxxxxx
Ok, so here's the deal .. we're going to be using a new application
which
will be hosted by an ASP, we will have access to that ASP via a VPN
allowable from our location only. The problem the ASP has is because
our
only security is username/password to log into the TS server they don't
feel
that's enough protection for thier exsisting clients.

I'm not sure really what else to do at this point to secure it.. One
thing
I can think of is being able to identify the difference between a user
that's on TS on-site and a user that's on TS remotely .. then we could
possibly restrict the VPN accordingly.. I'm just not sure how it would
be
done..

Or if anyone else has other ideas, i'm open to listen to anything at
this
point.

Thanks.








.

Relevant Pages

  • Re: TS Security Issue
    ... and acceptible connection methods (unless they're contractually obligated to ... terminal servers: ... Your Terminal Services Security Website ...
    (microsoft.public.windows.terminal_services)
  • Re: TS Security Issue
    ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Your Terminal Services Security Website ...
    (microsoft.public.windows.terminal_services)
  • Re: VPN with Linksys
    ... This is probably about optimising Terminal Services over VPN. ... the remote site and sending print jobs or copying files back and forth. ... location connects to the terminal server to run the main office software. ...
    (microsoft.public.windows.server.general)
  • Re: TS Security Issue
    ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Your Terminal Services Security Website ...
    (microsoft.public.windows.terminal_services)
  • RE: VPN?
    ... Terminal services licensing is only required if terminal ... >you use NTLM V2 and is simple to setup. ... >then you'll want to use L2TP/IPSec VPN, ...
    (microsoft.public.win2000.termserv.apps)