[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

Securing a terminal server VM Environment

Hi,

We have a cloud environment where users log on to a terminal server through a TS Gateway
and TS Session broker that load balances users to various terminal services.  We want to secure this environment so that the users don't have a chance to compromise the security, such as disabling RDP to the Domain Controllers or Exchange servers on this virtual environment (right now admins have access as they are allowed to do some administration on their own cloud)  we're thinking to create a VPN for them to access the DC's and Exchanges and critical servers, and not be directly accessible from the terminal services, is that a viable policy? what else could we do to secure?  thanks!
0
sbsc
Asked:
sbsc
1 Solution
 
btanExec ConsultantCommented:
In general, to provide secure remote access, keep Terminal Servers in the private network, behind a firewall and access these machines via a reverse proxy or SSL VPN Device placed in a DMZ.

Good read on this as well. Critical server if possible should not be remotely managed unless necessary. If so there should be some form if second factor authentication using smartcard via the vpn client. The TS gateway can serves as gatekeeper but better to have ssl vpn gateway to front it and offload that. Such secure gateway will query ldap to identity store or perform radius check before graoting access...

http://www.petri.co.il/securing-rdp-remote-desktop-and-terminal-server-connections.htm
0

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now