Solved

Security of Terminal Services (maintaining, configuring)

Posted on 2002-07-15
5
135 Views
Last Modified: 2010-04-13
Given an existing system running apps with Terminal Services, what are the security concerns, and what is best way to address them?

This is more relevant to auditing and managing configuration of existing system than seeking alternatives.

Am more interested in real world experience and behavior than simple theory, but I could always use a few more links to good documents or websites currently dealing with same issues.
0
Comment
Question by:SunBow
  • 3
5 Comments
 
LVL 2

Accepted Solution

by:
edmonds_robert earned 50 total points
Comment Utility
The main security concern is the fact that with terminal services, the user is logging on locally to the server.  So they have the same permissions on files on that server as if they had come in to your computer room, sat down at the server and logged in.  You MUST ensure proper file level security.  What I have done in the past is created very strict policies on the server, letting them have access to only what is absolutely necessary.  For example, I have totally eliminated any desktop icons, given them a custom start menu, etc. so they have only what I want them to have.  I would look at Citrix if you have the money.  It lets you take terminal services much farther, letting you publish applications to desktops automatically, running apps in web browsers and many other advanced features depending on which version you purchase.  Hope I have have helped at least a little.
0
 
LVL 24

Author Comment

by:SunBow
Comment Utility
Nice. Plan. But, say I have an admin who claims to have sort of done all that. Now I want you to review my company, and let me know how well we've all done. Or rather, more realistic, prepare for that review of another. Web access is important, as legacy applications are moving there, to leverage use of browser to remotely access centralized store, while TS provides the commonality of client.

[this is rather a man-in-middle question. say, one person configured, a security team is going to ask a third party (someone I know) about some details. Looking to prepare the man-in-middle, unwary 3rd party, for what to expect; assume this is more an audit type question than one of planning or design or implementation]

How best to ascertain, to assess some vulnerability, or what have you.  But perhaps you have something there, in not leaving too much, in assumptions, to those who manage applications

(as fyi, we did do citrix on NT, before. but that is another topic)
0
 
LVL 24

Author Comment

by:SunBow
Comment Utility
Notice:
I intend to close this, as it is not progressing, and I no longer have pressing need. To date, the other parties are not getting too specific on terminal services per se, but are spinning wheels on old issues regarding site security. The site's been hardened again and again, continually. So I consider first comment as sufficient.

I likely have further questions as this develops, but will likely run them in another TA, such as networking. For anyone else having interest or potential contribution wanting a notif, just add a simple "listening" remark below, and I'll drop a link here if it develops.
0
 
LVL 24

Author Comment

by:SunBow
Comment Utility
I'd like to think there's a better 'answer' to be had, for this database, (unsure that it warrants A on own) but it may be sufficient, I got none better, and if nothing else, I've benefitted from edmonds_robert elsewhere.

Closing.
0
 

Expert Comment

by:NEA123
Comment Utility
Hi,

You wanted a link - this is what we do

www.neanco.com

Pervasive security - will also fix your terminal services security issue.

Take a look.

/NEA
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now