• Status: Solved

How can I lock down remote access on a Windows 2003 server?

Hi Experts,

I have two Windows 2003 servers, one is an Exchange 2003 server and the other is a Domain Controller.  The Exchange server is also running WSUS.  I recently set up an SSL certificate that I purchased from a 3rd-party provider on the Exchange server.  I am using it to secure both OWA and WSUS clients.  I set up split DNS so that I can use this certificate for internal WSUS clients.  All clients are Windows XP and 2000.  All computers on the network are running behind my router/firewall in a private IP address range.  I only have one public IP address, which is configured on my router along with my ISP's DNS servers.  It all works.

Now I want to lock down remote access to the server.  At this point I am the only one who needs remote access for administrative purposes.  I currently access the server through RDP.
1.  Is this a security risk?
2.  What is the best way to set up secure remote access? (easy would be nice)
3.  Can I use my current SSL certificate to secure remote access?

Thanks Dale






Asked by: DaleFrazier
 
t_swartz Commented:
Hi Dale,

Does your firewall have a VPN capability that you could use to connect from a computer outside the network? Another option to securely connect remotely might be the Windows built-in VPN, using the Routing and Remote Access service. You open up the ports on your firewall to allow traffic to the server hosting the remote access service and establish the VPN that way. Your SSL cert wouldn't be involved. Another method might be to use that tsweb application; this makes those RDP connections available over a web page. If you hosted a website on your server and applied the certificate to it, I suppose you could hit that web page securely, then launch the term server session that way. Let us know how it works out.
 
DaleFrazier (Author) Commented:
No, my router does not support VPN.  I was thinking about a new router that would.
I set up VPN on my server once but had trouble getting through the firewall.  Might try that again.  Got a good article on how to set that up?

Thanks Dale
 
t_swartz Commented:
Setting up the services on the server:
http://support.microsoft.com/kb/323441

Port assignments on your firewall:
http://technet2.microsoft.com/windowsserver/en/library/33d82ce9-f1ea-430b-80cb-4dea2ef7afa61033.mspx?mfr=true

Let me know how you progress. Good luck, Todd
 
DaleFrazier (Author) Commented:
I set up the VPN server on my DC.  I then created a client connection on my laptop.  Opened ports
1723 tcp
1701 udp
500 udp

IPsec pass through and PPTP pass through are enabled by default on my Linksys router.  I am attached to my office LAN trying to connect but cannot (is this a problem?).  I am using NAT.  Is this a problem?  Help!
 
t_swartz Commented:
Well, the NAT won't work when you are on the office LAN, as you aren't coming in from the outside interface. I don't really know what a Linksys router looks like, but you'll be doing port address translation: basically, traffic coming in from the outside on port 1723 will be translated to your internal server IP address on port 1723. To test that the VPN works, you should be able to do that from inside the network by setting up a new network connection from your workstation to the server.

Article on a Linksys setup
http://www.ciscopress.com/articles/article.asp?p=598649&seqNum=5&rl=1
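One way to run the inside-the-network test suggested in the last reply, as an added example that is not part of the original thread: this Python script sends the PPTP Start-Control-Connection-Request defined in RFC 2637 to TCP 1723 and parses the reply, which shows that the VPN service itself answers rather than only that a port is open. The address 192.168.1.10 and the host name "probe" are placeholders.

```python
import socket
import struct
import sys

MAGIC = 0x1A2B3C4D           # PPTP magic cookie (RFC 2637)
REQ = ">HHIHHHHIIHH64s64s"   # Start-Control-Connection-Request layout
REP = ">HHIHHHBBIIHH64s64s"  # Start-Control-Connection-Reply layout
SIZE = struct.calcsize(REQ)  # both messages are 156 bytes

def build_sccrq(host_name=b"probe"):
    """First control message a PPTP client sends on TCP 1723."""
    # length, msg type 1 (control), cookie, control type 1 (request), reserved,
    # version 1.0, reserved, framing caps, bearer caps, channels, firmware
    return struct.pack(REQ, SIZE, 1, MAGIC, 1, 0, 0x0100, 0,
                       1, 1, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Return (ok, detail) for the server's reply bytes."""
    if len(data) < SIZE:
        return False, "short reply (%d bytes)" % len(data)
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error,
     _fr, _br, _ch, _fw, host, _vendor) = struct.unpack(REP, data[:SIZE])
    if cookie != MAGIC or msg_type != 1 or ctrl_type != 2:
        return False, "not a PPTP Start-Control-Connection-Reply"
    if result != 1:  # 1 = successful channel establishment
        return False, "server refused: result=%d error=%d" % (result, error)
    name = host.rstrip(b"\0").decode("ascii", "replace")
    return True, "PPTP v%d.%d server '%s'" % (version >> 8, version & 0xFF, name)

def probe(server, port=1723, timeout=5.0):
    """Connect, send the request, and classify whatever comes back."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < SIZE:
                chunk = s.recv(SIZE - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, "TCP %d failed: %s" % (port, exc)
    return parse_sccrp(data)

if __name__ == "__main__":
    # 192.168.1.10 is a placeholder; pass your VPN server's address instead.
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.10"))
```

A successful reply covers only the TCP 1723 control channel; PPTP tunnel data travels as GRE (IP protocol 47), which is what the router's PPTP pass-through setting has to handle.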
