Can someone tell me what will be the best practise to secure my Terminal Services server at LAN. I have multiple locations branch office and a head office. My TS server is sitting in HQ, I have site-to-site VPN from branch office to HQ, then the users can access to my LAN resources and the TS through VPN.
However; in order to avoid any internal hacking, I need to secure my Ts, so what will be the best practise? Should I use SSL VPN along side with my firewall?