Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Securing a terminal server VM Environment

Hi,

We have a cloud environment where users log on to a terminal server through a TS Gateway
and TS Session broker that load balances users to various terminal services.  We want to secure this environment so that the users don't have a chance to compromise the security, such as disabling RDP to the Domain Controllers or Exchange servers on this virtual environment (right now admins have access as they are allowed to do some administration on their own cloud)  we're thinking to create a VPN for them to access the DC's and Exchanges and critical servers, and not be directly accessible from the terminal services, is that a viable policy? what else could we do to secure?  thanks!
0
sbsc
Asked:
sbsc
1 Solution
 
btanExec ConsultantCommented:
In general, to provide secure remote access, keep Terminal Servers in the private network, behind a firewall and access these machines via a reverse proxy or SSL VPN Device placed in a DMZ.

Good read on this as well. Critical server if possible should not be remotely managed unless necessary. If so there should be some form if second factor authentication using smartcard via the vpn client. The TS gateway can serves as gatekeeper but better to have ssl vpn gateway to front it and offload that. Such secure gateway will query ldap to identity store or perform radius check before graoting access...

http://www.petri.co.il/securing-rdp-remote-desktop-and-terminal-server-connections.htm
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now