[geeks] Terminal Services security
Jonathan C. Patschke
jp at celestrion.net
Tue Feb 10 14:17:23 CST 2004
On Tue, 10 Feb 2004, Kevin wrote:
> Is it considered "safe" by most, to have MS Terminal
> Services unfiltered and directly internet facing?
No. It is encrypted and generally well thought-out, but it is still an
MS product--an MS product that allows remote administrator access, no
less.
> Personally, i don't think that having any MS OS directly
> facing the net is a wise decision, but our payroll processor
> seems to think that Win2k Terminal Services is some type of
> impenetrable fortress.
He's a payroll processor, not a network administrator. If shit hits the
fan, he won't be the person they wake up at 2am to fix stuff. Of COURSE
he thinks it's a good idea.
> I'm just looking for other's opinions/experiences.
I'd couple it with IPsec. Even Microsoft IPsec is better than direct
unfettered admistrator access. If you're running Active Directory,
IPsec is so easy to set up that there's really no excuse to not be
running it for any sort of remote access.
--
Jonathan Patschke ) "Being on the Internet is not the same as being
Elgin, TX ( famous. That's like calling Cheetos 'dinner'."
USA ) --Metal Steve
More information about the geeks
mailing list