james_axton

asked on

Suggestions on running a VPN in front of a Terminal Services server

We're working with a subsidiary company that runs a Windows 2003 Server in Terminal Services mode to allow employees to work from home.  The same machine is also used to allow other subsidiaries on different network segments to remote in to the server.  The parent company has requested that all external traffic in to the TS Server now be across a VPN.  What is the quickest, cheapest way to accomplish this while making it as easy as we can on the employees who want to work from home and leaving internal employee traffic in to the server untouched?  In our opinion, RDP is already secure and that makes the requirement more of a line item to cross off rather than a major security project.  Any advice or EE links will be greatly appreciated.  Thanks,
SOLUTION
ldelgado2323
This solution is only available to members.
james_axton

ASKER

There is both a hardware firewall and a DC.

Are you sure about the statement 'RDP is already secure'? http://nakedsecurity.sophos.com/2012/03/16/rdp-exploit-china/

As a security consultant, I would give the same advice to clients. How to configure the VPN depends on the solution of your choice. As mentioned before, the DC can be used to validate login credentials. For added security, use certificates on company laptops (so people cannot easily connect with their insecure and possibly virus-infected home PC).

Let's close this out.  We can run this through an existing firewall (presumably with some sort of licensing, unless that ability was included) or we can purchase a hardware VPN.  What are the other options here?  idelga, please follow up with any suggestions you might have, and adamnl please do the same.  Thanks,

If you give me the firewall model, I can suggest some ways to do this if you still need help...
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Thanks to everyone for the input!