[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Terminal Server Security

Posted on 2015-01-29
10
Medium Priority
?
113 Views
Last Modified: 2015-03-05
Hey guys,

We have a bunch of terminal servers behind our gateway. Now, we have users from random places who connect.

How can i secure it against threats/hacks sinces it kind of "open"
0
Comment
Question by:Cobra25
10 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40578885
There is really nothing unique to TS. Any service on the internet (exchange servers, sharepoint extranet servers, etch) are "kind of open." So the same basic principles apply to all:

1) Complex passwords.
2) change passwords. Often.
3) Have windows lock accounts after a few incorrect attempts.
4) Monitor access. Block IPs that don't need it (are you really expecting someone to remote in from Russia? No? Block all Russian owned IP blocks!)
5) Employ IDS/IPS. At the very least you'll get notified of repeated failed logins (IDS) or you can have automatic blocks go up on repeated attempts (IPS.)
6) Consider MFA. It is relatively inexpensive now and easy to deploy.
7) PATCH!!!

Nothing groundbreaking in these suggestions, but you'd be surprised how many attacks they prevent. The highly publicized Sony attack? A weak password!
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40578946
You can also look at blocking access to the Terminal Server from the Internet altogether and force external users to connect via VPN first before they can log into the TS.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40578952
Cliff what's MFA ?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40578965
Multi-factor Authentication. Things like smartcards, PIN FOBs, Fingerprint scanners. All fall under the MFA umbrella. For the SMB, SMS or smartphone apps are my current recommended options. Inexpensive and easy.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40578966
Cliff, any cost effective options?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40579001
PhoneFactor - Per user       $1.40 per month (unlimited authentications) or Per authentication       $1.40 per 10 authentications
, Google Authenticator
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40609387
Which is the easiest to setup and sync with AD?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40609392
Azure MFA or Azure AD premium are very easy to set up and directory syncing is a key component of Azure AD.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40609395
Do i have to an Azure cloud server?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40609402
No. You have to have an Azure account, but Azure has many services, not just virtual machines. Azure AD and MFA are their own products and don't require any VMs.
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question