Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Security of Terminal Services (maintaining, configuring)

Posted on 2002-07-15
5
Medium Priority
?
144 Views
Last Modified: 2010-04-13
Given an existing system running apps with Terminal Services, what are the security concerns, and what is best way to address them?

This is more relevant to auditing and managing configuration of existing system than seeking alternatives.

Am more interested in real world experience and behavior than simple theory, but I could always use a few more links to good documents or websites currently dealing with same issues.
0
Comment
Question by:SunBow
  • 3
5 Comments
 
LVL 2

Accepted Solution

by:
edmonds_robert earned 200 total points
ID: 7155684
The main security concern is the fact that with terminal services, the user is logging on locally to the server.  So they have the same permissions on files on that server as if they had come in to your computer room, sat down at the server and logged in.  You MUST ensure proper file level security.  What I have done in the past is created very strict policies on the server, letting them have access to only what is absolutely necessary.  For example, I have totally eliminated any desktop icons, given them a custom start menu, etc. so they have only what I want them to have.  I would look at Citrix if you have the money.  It lets you take terminal services much farther, letting you publish applications to desktops automatically, running apps in web browsers and many other advanced features depending on which version you purchase.  Hope I have have helped at least a little.
0
 
LVL 24

Author Comment

by:SunBow
ID: 7161118
Nice. Plan. But, say I have an admin who claims to have sort of done all that. Now I want you to review my company, and let me know how well we've all done. Or rather, more realistic, prepare for that review of another. Web access is important, as legacy applications are moving there, to leverage use of browser to remotely access centralized store, while TS provides the commonality of client.

[this is rather a man-in-middle question. say, one person configured, a security team is going to ask a third party (someone I know) about some details. Looking to prepare the man-in-middle, unwary 3rd party, for what to expect; assume this is more an audit type question than one of planning or design or implementation]

How best to ascertain, to assess some vulnerability, or what have you.  But perhaps you have something there, in not leaving too much, in assumptions, to those who manage applications

(as fyi, we did do citrix on NT, before. but that is another topic)
0
 
LVL 24

Author Comment

by:SunBow
ID: 7177622
Notice:
I intend to close this, as it is not progressing, and I no longer have pressing need. To date, the other parties are not getting too specific on terminal services per se, but are spinning wheels on old issues regarding site security. The site's been hardened again and again, continually. So I consider first comment as sufficient.

I likely have further questions as this develops, but will likely run them in another TA, such as networking. For anyone else having interest or potential contribution wanting a notif, just add a simple "listening" remark below, and I'll drop a link here if it develops.
0
 
LVL 24

Author Comment

by:SunBow
ID: 7191109
I'd like to think there's a better 'answer' to be had, for this database, (unsure that it warrants A on own) but it may be sufficient, I got none better, and if nothing else, I've benefitted from edmonds_robert elsewhere.

Closing.
0
 

Expert Comment

by:NEA123
ID: 7881311
Hi,

You wanted a link - this is what we do

www.neanco.com

Pervasive security - will also fix your terminal services security issue.

Take a look.

/NEA
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question