Terminal Services & Security
Posted on 2004-08-18
I don't have one actual question, I'm looking for suggestions/advice and a couple of answers. I am setting up a TS server inside my firewall. The people I will have using it need access to Outlook (& conversely, our exchange server), a db client app, and possibly a network share or two. What is the most secure method of setting this up? Some of the issues I have are:
- Should I have them VPN into the TS machine (NAT on a non standard port) itself rather than our regular VPN server?
- Should/can this sever be on it's own domain or workgroup?
- Should/can this server be on it's own subnet?
- What else should I consider in locking down this access?
Basically, I need the MOST secure setup I can have in this situation. If the network share is a problem (as I see it), that's not critical. Outlook and the Client app are.