Solved

Server 2003 firewall setting to allow rdp connect only

Posted on 2010-11-24
Last Modified: 2012-05-10
What is the most secure firewall setting to allow only terminal service connection via rdp for a server 2003 running terminal services for 20 users?

What additional firewall device or software would assure secure connection and stop hack attacks via ncrack or other hacking methods?
Question by:am5240
5 Comments
 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 34204903
Hello,

Juniper firewall is the best external firewall device. This will secure your network.

This may help you.

http://www.juniper.net/us/en/products-services/security/

http://support.microsoft.com/kb/925876


Regards,
Tushar Kaskhedikar
 

Author Comment

by:am5240
ID: 34205472
Are there any specific security features to enable or disable in the Server 2003 built-in Windows Firewall which will reduce the probability of a hacker gaining access to the server via RDP or other networking protocols?
 
LVL 5

Accepted Solution

by:
rotech_IT earned 500 total points
ID: 34209375
I prefer Sonicwall for hardware firewalls.  I use 3 of these in a production environment and have always had great things to say about them.  The Sonicwall NSA2400 is a great device and relatively speaking, easy to use.

www.sonicwall.com

As far as Windows Firewall, if you only want to allow RDP traffic make an exception for TCP port 3389.  Here's a good, basic read on some security considerations for terminal server 2003.  It should give you some ideas on how to better secure your environment and point you in the right direction:

http://www.virtualizationadmin.com/articles-tutorials/terminal-services/security/securing-windows-terminal-services.html
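The TCP 3389 exception described in the accepted answer, written out as a `netsh firewall` script. This is an added example, not part of the thread or of any poster's own configuration. It assumes Windows Server 2003 SP1 or later (where the `netsh firewall` context exists) and uses a constructed placeholder source range that must be replaced with the addresses the users actually connect from.

```batch
@echo off
rem Added example, not from the thread. Assumes Windows Server 2003 SP1 or later.
rem Run it from the console, not over RDP: a wrong scope locks out remote sessions.

rem ALLOWED_SRC is a constructed placeholder (documentation address range).
rem Replace it with the real client addresses; several entries are comma-separated.
set ALLOWED_SRC=203.0.113.0/24

rem Turn the firewall on and keep exceptions enabled so the RDP rule below applies.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Switch off the other predefined exceptions so RDP is the only one left enabled.
netsh firewall set service type=FILEANDPRINT mode=DISABLE
netsh firewall set service type=REMOTEADMIN mode=DISABLE
netsh firewall set service type=UPNP mode=DISABLE

rem Weak form, shown for comparison only: TCP 3389 reachable from any source.
rem netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=ALL

rem Scoped form: the predefined Remote Desktop exception (TCP 3389) accepts
rem connections only from the listed sources.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%ALLOWED_SRC%

rem Log dropped packets and accepted connections so repeated connection
rem attempts against 3389 show up in the firewall log (%windir%\pfirewall.log
rem by default).
netsh firewall set logging droppedpackets=ENABLE connections=ENABLE

rem Review the result. Port or program exceptions that were added by hand are
rem not touched by this script, so check the last two listings for leftovers.
netsh firewall show state
netsh firewall show service
netsh firewall show logging
netsh firewall show portopening
netsh firewall show allowedprogram
```

If users connect from addresses that cannot be listed in advance, the scope restriction does not fit and the exception has to stay at `scope=ALL`, which leaves the RDP logon as the only barrier on that port.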


 

Author Comment

by:am5240
ID: 34209889
rotech IT,
I appreciate the link to the article on securing Windows TS. My server is configured as the article suggests, so that is important to know that I have the basics on my server correctly set up.

I will investigate the firewall options. I am looking for reliable security at a reasonable cost.
CISCO 5505 seems to be a less costly hardware option.
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34210020
Great to hear that am5240.  Sounds like you're on the right track.

You can always go with a Sonicwall Pro 3060.  It's a generation behind the NSA devices.  Just be sure you get it with SonicOS Enhanced.  The basic OS is still good, but not as robust as far as features.

I run a couple 3060's configured for hardware failover in a production environment.  Does a great job.  You can grab them on ebay for fairly cheap.  I also think Sonicwall still sells them new.

Question has a verified solution.