Solved

Server 2003 firewall setting to allow rdp connect only

Posted on 2010-11-24
Last Modified: 2012-05-10
What is the most secure firewall setting to allow only terminal service connection via rdp for a server 2003 running terminal services for 20 users?

What additional firewall device or software would assure secure connection and stop hack attacks via ncrack or other hacking methods?
0
Question by:am5240
 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 34204903
Hello,

Juniper firewall is the best external firewall device. This will secure your network.

This may help you.

http://www.juniper.net/us/en/products-services/security/

http://support.microsoft.com/kb/925876


Regards,
Tushar Kaskhedikar
0
 

Author Comment

by:am5240
ID: 34205472
Are there any specific security features to enable or disable in the Server 2003 built-in Windows Firewall which will reduce the probability of a hacker gaining access to the server via RDP or other networking protocols?
0
 
LVL 5

Accepted Solution

by:
rotech_IT earned 500 total points
ID: 34209375
I prefer Sonicwall for hardware firewalls.  I use 3 of these in a production environment and have always had great things to say about them.  The Sonicwall NSA2400 is a great device and relatively speaking, easy to use.

www.sonicwall.com

As far as Windows Firewall, if you only want to allow RDP traffic make an exception for TCP port 3389.  Here's a good, basic read on some security considerations for terminal server 2003.  It should give you some ideas on how to better secure your environment and point you in the right direction:

http://www.virtualizationadmin.com/articles-tutorials/terminal-services/security/securing-windows-terminal-services.html


0
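An added example (not from any of the posters above) of the built-in Windows Firewall exception for TCP 3389 mentioned in the accepted answer, using the `netsh firewall` context available on Server 2003 SP1 and later. The source addresses are placeholders from documentation ranges, and the scope restriction and logging settings are assumptions beyond what the answer states.

```bat
@echo off
rem Added example: built-in Windows Firewall on Server 2003 SP1+ limited to RDP.
rem ALLOWED is a placeholder (documentation address ranges). Replace it with
rem the addresses the terminal server users actually connect from.
set ALLOWED=203.0.113.10,198.51.100.0/255.255.255.0

rem Run this from the console, or make sure your own address is in ALLOWED:
rem an RDP session from an unlisted address is cut off once the scope applies.

rem Turn the firewall on and honour configured exceptions.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Close the predefined service exceptions a terminal server does not need.
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEADMIN mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL

rem Allow Remote Desktop (TCP 3389) only from the listed source addresses,
rem instead of the default scope of ALL.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%ALLOWED% profile=ALL

rem Log dropped packets and accepted connections so repeated connection
rem attempts from unlisted sources are visible (default log file:
rem %windir%\pfirewall.log).
netsh firewall set logging droppedpackets=ENABLE connections=ENABLE

rem Review the result. Any port or program exception still listed here,
rem other than Remote Desktop, was added earlier and should be checked.
netsh firewall show config
```

Restricting the scope only helps when the users connect from known addresses; users on changing addresses would need a VPN or gateway in front of the server, which is where the hardware firewalls discussed in this thread come in.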
 

Author Comment

by:am5240
ID: 34209889
rotech IT,
I appreciate the link to the article on securing Windows TS. My server is configured as the article suggests, so that is important to know that I have the basics on my server correctly set up.

I will investigate the firewall options. I am looking for reliable security at a reasonable cost.
Cisco 5505 seems to be a less costly hardware option.
0
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34210020
Great to hear that am5240.  Sounds like you're on the right track.

You can always go with a Sonicwall Pro 3060.  It's a generation behind the NSA devices.  Just be sure you get it with SonicOS Enhanced.  The basic OS is still good, but not as robust as far as features.

I run a couple 3060's configured for hardware failover in a production environment. Does a great job. You can grab them on eBay for fairly cheap. I also think Sonicwall still sells them new.
0
