Terminal Server over the internet 1

Status
Not open for further replies.

PaulGillespie

Technical User
Jul 2, 2002
516
GB
Hi Guys,

I'm going to be installing a terminal server soon to allow a remote office access to HQ. It will also be used from time to time by staff from home.

My question is: is it safe to have port 3389 open on the firewall and allow users to connect straight to it over the internet, or should I be using some other form of security?

Thanks

Paul
 
Thanks, didn't think I could change the listening port or the port the RDP client uses to transmit on. I'll look into it.

Cheers
 
I currently run two remote terminal servers and we allow access via the RDP port, but we authenticate the users from home using a Watchguard firewall, then Windows, and once on a VPN link we then allow access to the terminal servers. With regard to your remote site, you just need a secure VPN tunnel and they will just connect automatically.
 
Thanks twicki, that's what I was wondering about. Is RDP traffic unsecure if not over a VPN? I thought RDP traffic was encrypted by default. Am I wrong?
 
No, the data is only encrypted if you encrypt on send, but for £300 you can pick up two Netgear VPN firewalls and create a secure tunnel. Or, if you have more cash: we bought two Watchguard X700 firewalls for the ADSL line, which is what we allow home users down, and then 2 Netgear for a secure tunnel, but the Watchguards were £1000 each. It really depends on the sensitivity of your data; we are an aerospace company, so ours is sensitive.
 
No, RDP isn't by default, but you can force "High: encrypts both the data sent from client to server and the data sent from server to client using a 128 bit key".

But as twicki says, and I pointed out, even budget models like Cisco PIX will allow you to encrypt traffic.
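
As an added illustration that is not part of any post in this thread, the following read-only PowerShell audit checks the settings the replies mention: the RDP listening port, the minimum encryption level, and whether host firewall rules admit RDP from any address. It assumes Windows Server 2012 or later, an English-language rule group name ("Remote Desktop"), and an elevated session on the terminal server.

```powershell
# Added example: read-only audit of the RDP listener settings discussed above.
# Assumptions: elevated session, Windows Server 2012+ (for Get-NetFirewall*),
# and the English display group name 'Remote Desktop'.
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$listener = Get-ItemProperty -Path $listenerKey
$policy   = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# A Group Policy value, when present, overrides the listener's own setting.
$level = if ($policy -and $null -ne $policy.MinEncryptionLevel) {
    [int]$policy.MinEncryptionLevel
} else {
    [int]$listener.MinEncryptionLevel
}
$levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
$port = [int]$listener.PortNumber

$findings = @()
if ($level -lt 3) {
    $findings += "Encryption level is $level ($($levelNames[$level])); 'High' is 3."
}
if ($port -eq 3389) {
    $findings += 'Listener uses the default TCP port 3389.'
}

# Host firewall rules that admit RDP from any remote address, that is, not
# limited to a VPN or office subnet. The perimeter firewall is checked separately.
$openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any')
    }
foreach ($rule in $openRules) {
    $findings += "Firewall rule '$($rule.DisplayName)' allows RDP from any remote address."
}

# Summary object: effective port, effective encryption level, and findings.
[pscustomobject]@{
    Port            = $port
    EncryptionLevel = $levelNames[$level]
    Findings        = $findings
}
```

An empty `Findings` list covers only the host itself; which source addresses can reach the port from the internet is decided by the perimeter firewall or VPN device in front of it.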
 
I know about HW VPNs and have a few in place for site to site traffic and have experience of Netgear and Zyxel VPN firewalls. I'm just trying to gauge whether it is essential for home/mobile users to have to VPN in first then RDP over the tunnel. For this particular client, the information is not sensitive but I am concerned about malware/hackers/crackers/other internet threats etc.

If someone has to VPN in first using PPTP then logs into the terminal server, both authentications are the same, i.e. same usernames and passwords. So if someone can guess one, they've got the other. Am I making sense?

Thanks for your input, I'm learning here :)
 