• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3804
  • Last Modified:

terminal services WAN security

I have a few questions about terminal services. I have been using pcAnywhere when I need to remote into our servers through the internet. I would like to use terminal services but I was wondering about security. Everywhere I have read, it's being claimed that terminal services is very secure to use through the internet. What kind of encryption does terminal services use?

I have a SonicWall with VPN capabilities. I was going to use VPN to gain LAN access through the internet and then use terminal services for remote desktop (just for ease of use for multiple terminal server computers). Would this be more secure than just using port forwarding and opening up the firewall for terminal services on port 3389?

Also, what about licensing? From what I can understand on Microsoft's website, it says that if I have 50 Server 2000 CALs then this allows me to run 50 client terminal services?

Thanks,
AD
0
illtbagu
Asked:
3 Solutions
 
Pete Long, Technical Consultant, Commented:
Hi illtbagu,
As far as licencing, you are allowed two concurrent connections to EACH server for remote administration.

PeteL
0
 
Pete Long, Technical Consultant, Commented:
0
 
illtbagu, Author, Commented:
I got the port part, if you noticed in my opening post :)
I was just wondering about any security issues there are with terminal services, including using terminal services over the WAN (internet). Only myself and 1 other will be using this service, and we will only be using it for remote desktop. Also, on the Windows NT machine I have, I'm not seeing this as an option to add or remove from the Windows NT setup under Add/Remove Programs like in Server 2000. How can I get my hands on terminal services for NT? Is this something that gets installed during the initial install of NT?

Also 1 other thing. I tried to install terminal server under Add/Remove Windows 2000 Components on 1 of the Server 2000 machines running Service Pack 3 and it's asking for the Service Pack 3 disk. I do not have the disk. When I browsed for the files it's asking for, they are not all on the machine. How can I get this installed?

Thanks,
AD
0
 
Pete Long, Technical Consultant, Commented:
>>machine. how can i get this installed.
You need to find the i386 directory and point it at that, either on the CD or another server. I always copy the i386 directory to my server's C:\ drive to negate this problem.

>>I was just wondering about any security issues

Well, opening any port on the firewall is a security risk, but bear in mind that by default only admins can log on. As long as you keep it like this you should be OK. You can let individual users log in for remote administration, but I usually do this on a user-to-user basis.

Pete
0
 
SunBow Commented:
> Everywhere I have read its being claimed that terminal services is very secure to use through the internet

Nothing is secure on internet, that is as exposed as you can get.

Try this for list of ports for supporting users other than yourself:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/exchange/exchange2000/reskit/resguide/appendb.asp
0
 
SunBow Commented:
> Microsoft's website it says that if I have 50 server 2000 cals then this allows me to run 50 client terminal services?

OK, and remember that is above and beyond any desktop licensing, not to mention the applications themselves, which would be what? eMail?
0
 
jeffkearns Commented:
> I have a sonicwall with VPN capabilities...

If you have access to a VPN, then use it. There is no comparison - don't open the ports.

> what about licensing...

There are two types of licenses for Windows 2000: regular CALs and those for Terminal Services. If you plan to only use TS for remote administration, it's a moot point. The TS licenses only apply to non-administrator accounts or if you need more than two people to log in at a time. Just make sure to pick the remote administration mode when setting it up.

> on the windows NT machine...

For NT you would have to have a special version of NT. If TS isn't already there, you won't be able to add it. Stick with pcANYWHERE.

> its asking for the service pack 3 disk...

Either follow Pete Long's advice above or re-download the service pack from Microsoft. Also, SP4 has been out for a long time. Now might be a good time to install it.

Jeff
0
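The VPN-versus-port-forward choice discussed above can be checked against a firewall's rule set. The following is an added example, not part of the original thread: it audits rules for TCP 3389 allowed in from the WAN, and the rule format, zone names and sample rules are constructed for illustration (this is not SonicWall syntax).

```python
import ipaddress

RDP_PORT = 3389  # Terminal Services port named in the thread

# Constructed sample rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "rdp-forward", "from_zone": "WAN", "source": "0.0.0.0/0",
     "proto": "tcp", "ports": "3389", "action": "allow"},
    {"name": "rdp-from-office", "from_zone": "WAN", "source": "203.0.113.0/24",
     "proto": "tcp", "ports": "3380-3400", "action": "allow"},
    {"name": "rdp-over-vpn", "from_zone": "VPN", "source": "10.8.0.0/24",
     "proto": "tcp", "ports": "3389", "action": "allow"},
    {"name": "web", "from_zone": "WAN", "source": "0.0.0.0/0",
     "proto": "tcp", "ports": "443", "action": "allow"},
    {"name": "rdp-block", "from_zone": "WAN", "source": "0.0.0.0/0",
     "proto": "tcp", "ports": "3389", "action": "deny"},
]

def covers_port(spec, port):
    """True if a port spec such as '3389', '80,443' or '3380-3400' includes port."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_rdp_exposure(rules, port=RDP_PORT):
    """Return (rule name, severity) for allow rules exposing the port from the WAN.

    Rule ordering and shadowing are not evaluated; every matching allow
    rule is reported so it can be reviewed by hand.
    """
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["from_zone"] != "WAN":
            continue  # deny rules and VPN-zone rules are not WAN exposure
        if r["proto"] not in ("tcp", "any") or not covers_port(r["ports"], port):
            continue
        net = ipaddress.ip_network(r["source"])
        severity = "open-to-internet" if net.prefixlen == 0 else "source-restricted"
        findings.append((r["name"], severity))
    return findings

if __name__ == "__main__":
    for name, severity in audit_rdp_exposure(SAMPLE_RULES):
        print(f"{name}: {severity}")
```
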
 
jbueling Commented:
Hi illtbagu.
To answer your questions, no, term server is not a secure method of sending information over the internet.
What MS recommends is wrapping your term server session in IPSec to encrypt the connection:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315055
All the best,
  John
0
 
illtbagu, Author, Commented:
John or anyone for that matter, help,

I created and assigned the new policy using Microsoft's suggestion like John had suggested, but it seems that only 1 policy can be assigned at a time. When I assigned the new policy I created, it turned off any existing policy that might have been assigned. As of right now there are 4 policies:
client (respond only)
secure server (requires security)
server (request security)
and the 1 I created, secure terminal service connection

How can I tell what policies were previously assigned, if any? Why can I only assign 1 policy?

Thanks,
AD
0
 
dahc521 Commented:
I use Sonicwall VPN and TS also. If you are tunneled, then you are secure. I use remote desktop when I'm off-site. If I don't have access to the VPN key, I use the live addy that NATs to my TS box. You can also use TSWeb, which is really cool, too.
If you run your 2000 or newer box in Administration mode, you can TS in with one session for remote administration, which I am almost certain only requires a 2000 Server CAL, not a TS CAL.
0
 
NetMasterX Commented:
What ports are needed through a firewall to get licenses from a license server?

Tx,

Bob
0
 
VegemiteToast Commented:
Dahc521

Can you give me some clear details on setting up the VPN on SonicWall? What client do you use? What is "live addy"? Sorry if these questions are obvious but I'm very new to VPNs. I'm trying to set up a SonicWall VPN to 2003 Server for Terminal Services running a single app for three remote users. I am purchasing terminal licences.

Thanks for your time
PhillB
0