Server 2003 firewall setting to allow rdp connect only

What is the most secure firewall setting to allow only terminal service connection via rdp for a server 2003 running terminal services for 20 users?

What additional firewall device or software would assure secure connection and stop hack attacks via ncrack or other hacking methods?
am5240Asked:
Who is Participating?
 
rotech_ITConnect With a Mentor Commented:
I prefer Sonicwall for hardware firewalls.  I use 3 of these in a production environment and have always had great things to say about them.  The Sonicwall NSA2400 is a great device and relatively speaking, easy to use.

www.sonicwall.com

As far as Windows Firewall, if you only want to allow RDP traffic make an exception for TCP port 3389.  Here's a good, basic read on some security considerations for terminal server 2003.  It should give you some ideas on how to better secure your environment and point you in the right direction:

http://www.virtualizationadmin.com/articles-tutorials/terminal-services/security/securing-windows-terminal-services.html


0
 
kaskhedikar_tusharCommented:
Hello,

Juniper firewall is the best external firewall device. This will secure your network.

This may help you.

http://www.juniper.net/us/en/products-services/security/

http://support.microsoft.com/kb/925876


Regards,
Tushar Kaskhedikar
0
 
am5240Author Commented:
Are there any specific security features to enable or disalbe in the Server 2003 Built In WIndows Firewall  which will reduce the probablilty of hacker gaining access to the server via RDP or other networking protocols ?
0
 
am5240Author Commented:
rotech IT,
I appreaciate the link to the article on securing windows ts. My server is configured as the article suggest, so that is important to know that I  have the basics on my server corrrectly setup.

I will investigate the firewall options. I am looking for reliable security at a reasonable cost.
CISCO  5505 seems to be a less costly hardware option.
0
 
rotech_ITCommented:
Great to hear that am5240.  Sounds like you're on the right track.

You can always go with a Sonicwall Pro 3060.  It's a generation behind the NSA devices.  Just be sure you get it with SonicOS Enhanced.  The basic OS is still good, but not as robust as far as features.

I run a couple 3060's configured for hardware failover in a production environment.  Does a great job.  You can grab them on ebay for fairly cheap.  I also think Sonicwall still sells them new.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.