Re: TS Security Issue

---

• From: "AndreZ" <shmoes@xxxxxxxxxxx>
• Date: Tue, 28 Feb 2006 11:56:38 -0800

---

They're concerned not only for other clients, but for the data they hold for
us as well.. with our username/password being our only security to the TS,
someone being able to get through that login would have access to that
server automaticly..

so what i've done is i've restricted login attempts to 3 for a thirty minute
lockout .. as well as set a password character minimum .. but they don't
feel that is enough..




"Jeff Pitsch [MVP]" <jeff@xxxxxxxxxxxxxxxxx> wrote in message
news:eXYPQpJPGHA.3864@xxxxxxxxxxxxxxxxxxxxxxx

I guess I"m missing something becaues I don't understand what the issue

is.

Are they concerned about the tunnel or single users having acces? why

can'

they simply segment their network so no companies can access each other?

Jeff Pitsch
Microsoft MVP - Terminal Services
http://www.sbcgatekeeper.com
Your Terminal Services Security Website


"AndreZ" <shmoes@xxxxxxxxxxx> wrote in message
news:u2lTTmJPGHA.3264@xxxxxxxxxxxxxxxxxxxxxxx

Yes, they're giving us a site to site tunnel.. Unfortunatley, getting a
new
ASP is not an option, the management team has already signed agreements,
as
they're also the developers of the application we will be using.


"Jeff Pitsch [MVP]" <jeff@xxxxxxxxxxxxxxxxx> wrote in message
news:%23ke46gJPGHA.3888@xxxxxxxxxxxxxxxxxxxxxxx

So let me get this straight, because they do not know how to implement

a

secure network that is somehow your problem? I would seriously think

about

getting a different ASP.

Or am I misunderstanding something. they are allowing you to have a

site

to

site vpn tunnel correct? the ASP should easily be able to segment each
customer without any interference.

Jeff Pitsch
Microsoft MVP - Terminal Services
http://www.sbcgatekeeper.com
Your Terminal Services Security Website

"AndreZ" <shmoes@xxxxxxxxxxx> wrote in message
news:O8iiVTJPGHA.3360@xxxxxxxxxxxxxxxxxxxxxxx

well, they claim they have security between our information and other
customer information, the problem they have is our "mimimal" security
measure (as they put it) allows a user access to thier network, which
is

a

huge security bypass. They've made a suggestion to require remote TS

users

to have a VPN connection before they're allowed to TS into the server
..
effectively disallowing any direct remote connection to the TS

server..

the
problem I have with that is that limits the sales reps to the

computers

they
have .. and they don't have the technical knowledge to setup a VPN on

the

fly.



"Jeff Pitsch [MVP]" <jeff@xxxxxxxxxxxxxxxxx> wrote in message
news:%23a%233mnIPGHA.2012@xxxxxxxxxxxxxxxxxxxxxxx

Isn't hte ASP in control of the security to their servers? Why

aren't

they

telling you how they want it done instead of leaving it up to you?

I

guess

I'm confused on how your supposed to make it more secure when the

servers

are on their end and in their control.

Jeff Pitsch
Microsoft MVP - Terminal Services
http://www.sbcgatekeeper.com
Your Terminal Services Security Website

"AndreZ" <shmoes@xxxxxxxxxxx> wrote in message
news:%23tUOciIPGHA.3144@xxxxxxxxxxxxxxxxxxxxxxx

Ok, so here's the deal .. we're going to be using a new

application

which

will be hosted by an ASP, we will have access to that ASP via a

VPN

allowable from our location only. The problem the ASP has is
because

our

only security is username/password to log into the TS server they

don't

feel
that's enough protection for thier exsisting clients.

I'm not sure really what else to do at this point to secure it..
One
thing
I can think of is being able to identify the difference between a

user

that's on TS on-site and a user that's on TS remotely .. then we

could

possibly restrict the VPN accordingly.. I'm just not sure how it

would

be

done..

Or if anyone else has other ideas, i'm open to listen to anything

at

this

point.

Thanks.

.

---

• Follow-Ups:
  • Re: TS Security Issue
    • From: Vera Noest [MVP]

• References:
  • TS Security Issue
    • From: AndreZ
  • Re: TS Security Issue
    • From: Jeff Pitsch [MVP]
  • Re: TS Security Issue
    • From: AndreZ
  • Re: TS Security Issue
    • From: Jeff Pitsch [MVP]
  • Re: TS Security Issue
    • From: AndreZ
  • Re: TS Security Issue
    • From: Jeff Pitsch [MVP]

• Prev by Date: Re: Best Programming Practice?
• Next by Date: Re: Logon to domain via TS server -- how to?
• Previous by thread: Re: TS Security Issue
• Next by thread: Re: TS Security Issue
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: TS Security Issue ... and acceptible connection methods (unless they're contractually obligated to ... terminal servers: ... Your Terminal Services Security Website ... (microsoft.public.windows.terminal_services) Re: TS Security Issue ... Are they concerned about the tunnel or single users having acces? ... Your Terminal Services Security Website ... (microsoft.public.windows.terminal_services) Re: TS Security Issue ... secure network that is somehow your problem? ... Your Terminal Services Security Website ... to have a VPN connection before they're allowed to TS into the server .. ... (microsoft.public.windows.terminal_services) Re: TS Security Issue ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Your Terminal Services Security Website ... (microsoft.public.windows.terminal_services) Re: TS Security Issue ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Your Terminal Services Security Website ... (microsoft.public.windows.terminal_services)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.terminal_services  > 2006-02