Solved

Security of Terminal Services (maintaining, configuring)

Posted on 2002-07-15
5
138 Views
Last Modified: 2010-04-13
Given an existing system running apps with Terminal Services, what are the security concerns, and what is best way to address them?

This is more relevant to auditing and managing configuration of existing system than seeking alternatives.

Am more interested in real world experience and behavior than simple theory, but I could always use a few more links to good documents or websites currently dealing with same issues.
0
Comment
Question by:SunBow
  • 3
5 Comments
 
LVL 2

Accepted Solution

by:
edmonds_robert earned 50 total points
ID: 7155684
The main security concern is the fact that with terminal services, the user is logging on locally to the server.  So they have the same permissions on files on that server as if they had come in to your computer room, sat down at the server and logged in.  You MUST ensure proper file level security.  What I have done in the past is created very strict policies on the server, letting them have access to only what is absolutely necessary.  For example, I have totally eliminated any desktop icons, given them a custom start menu, etc. so they have only what I want them to have.  I would look at Citrix if you have the money.  It lets you take terminal services much farther, letting you publish applications to desktops automatically, running apps in web browsers and many other advanced features depending on which version you purchase.  Hope I have have helped at least a little.
0
 
LVL 24

Author Comment

by:SunBow
ID: 7161118
Nice. Plan. But, say I have an admin who claims to have sort of done all that. Now I want you to review my company, and let me know how well we've all done. Or rather, more realistic, prepare for that review of another. Web access is important, as legacy applications are moving there, to leverage use of browser to remotely access centralized store, while TS provides the commonality of client.

[this is rather a man-in-middle question. say, one person configured, a security team is going to ask a third party (someone I know) about some details. Looking to prepare the man-in-middle, unwary 3rd party, for what to expect; assume this is more an audit type question than one of planning or design or implementation]

How best to ascertain, to assess some vulnerability, or what have you.  But perhaps you have something there, in not leaving too much, in assumptions, to those who manage applications

(as fyi, we did do citrix on NT, before. but that is another topic)
0
 
LVL 24

Author Comment

by:SunBow
ID: 7177622
Notice:
I intend to close this, as it is not progressing, and I no longer have pressing need. To date, the other parties are not getting too specific on terminal services per se, but are spinning wheels on old issues regarding site security. The site's been hardened again and again, continually. So I consider first comment as sufficient.

I likely have further questions as this develops, but will likely run them in another TA, such as networking. For anyone else having interest or potential contribution wanting a notif, just add a simple "listening" remark below, and I'll drop a link here if it develops.
0
 
LVL 24

Author Comment

by:SunBow
ID: 7191109
I'd like to think there's a better 'answer' to be had, for this database, (unsure that it warrants A on own) but it may be sufficient, I got none better, and if nothing else, I've benefitted from edmonds_robert elsewhere.

Closing.
0
 

Expert Comment

by:NEA123
ID: 7881311
Hi,

You wanted a link - this is what we do

www.neanco.com

Pervasive security - will also fix your terminal services security issue.

Take a look.

/NEA
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cursor typing problems 5 47
Networking: Change of existing Domain Controller (NT to win 2008) 6 945
Norton Ghost for Windows NT 5 1,493
Running Baan iV on VMware 3 162
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Some of the SEO trends we might expect in 2017.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question