Solved

Security of Terminal Services (maintaining, configuring)

Posted on 2002-07-15
5
139 Views
Last Modified: 2010-04-13
Given an existing system running apps with Terminal Services, what are the security concerns, and what is best way to address them?

This is more relevant to auditing and managing configuration of existing system than seeking alternatives.

Am more interested in real world experience and behavior than simple theory, but I could always use a few more links to good documents or websites currently dealing with same issues.
0
Comment
Question by:SunBow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 2

Accepted Solution

by:
edmonds_robert earned 50 total points
ID: 7155684
The main security concern is the fact that with terminal services, the user is logging on locally to the server.  So they have the same permissions on files on that server as if they had come in to your computer room, sat down at the server and logged in.  You MUST ensure proper file level security.  What I have done in the past is created very strict policies on the server, letting them have access to only what is absolutely necessary.  For example, I have totally eliminated any desktop icons, given them a custom start menu, etc. so they have only what I want them to have.  I would look at Citrix if you have the money.  It lets you take terminal services much farther, letting you publish applications to desktops automatically, running apps in web browsers and many other advanced features depending on which version you purchase.  Hope I have have helped at least a little.
0
 
LVL 24

Author Comment

by:SunBow
ID: 7161118
Nice. Plan. But, say I have an admin who claims to have sort of done all that. Now I want you to review my company, and let me know how well we've all done. Or rather, more realistic, prepare for that review of another. Web access is important, as legacy applications are moving there, to leverage use of browser to remotely access centralized store, while TS provides the commonality of client.

[this is rather a man-in-middle question. say, one person configured, a security team is going to ask a third party (someone I know) about some details. Looking to prepare the man-in-middle, unwary 3rd party, for what to expect; assume this is more an audit type question than one of planning or design or implementation]

How best to ascertain, to assess some vulnerability, or what have you.  But perhaps you have something there, in not leaving too much, in assumptions, to those who manage applications

(as fyi, we did do citrix on NT, before. but that is another topic)
0
 
LVL 24

Author Comment

by:SunBow
ID: 7177622
Notice:
I intend to close this, as it is not progressing, and I no longer have pressing need. To date, the other parties are not getting too specific on terminal services per se, but are spinning wheels on old issues regarding site security. The site's been hardened again and again, continually. So I consider first comment as sufficient.

I likely have further questions as this develops, but will likely run them in another TA, such as networking. For anyone else having interest or potential contribution wanting a notif, just add a simple "listening" remark below, and I'll drop a link here if it develops.
0
 
LVL 24

Author Comment

by:SunBow
ID: 7191109
I'd like to think there's a better 'answer' to be had, for this database, (unsure that it warrants A on own) but it may be sufficient, I got none better, and if nothing else, I've benefitted from edmonds_robert elsewhere.

Closing.
0
 

Expert Comment

by:NEA123
ID: 7881311
Hi,

You wanted a link - this is what we do

www.neanco.com

Pervasive security - will also fix your terminal services security issue.

Take a look.

/NEA
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
While it may be true that the internet is a place of possibilities, it is also a hostile environment lurking with many dangers. By clicking on the wrong link, trusting the wrong person or using a weak password, you are virtually inviting hackers to …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question