In this example network, I am using the Windows Server 2008 NAT server as my Internet gateway. The arrows show the flow of communications from the external RDP client to the Terminal Server.Įach of the servers in this scenario are running Windows Server 2008 Enterprise Edition. In this two part series on how to put together a working Terminal Services Gateway solution, we will use the lab network you see in the figure below. This gives you the fine grained control you need to insure that you have a secure remote access RDP solution. Using a Terminal Services Gateway, you can pre-authenticate users and control what Terminal Servers users can access based on credentials and policy. Windows Server 2008 provides a solution to this security problem: Terminal Services Gateway.
A compromised Terminal Server is perhaps the most dangerous exploit possible against your network, as the attacker has access to a full operating system to launch his attacks. Without pre-authentication, anonymous users could leverage their anonymous connections to compromise the published Terminal Server. The lack of pre-authentication was an especially difficult problem. And for good reason – there was no ability to pre-authenticate connections or use policy to determine which users could access which Terminal Servers. Microsoft security administrators have always been a bit wary of publishing Terminal Servers to the Internet. If you would like to read the next part in this article series please go to Configuring the Windows Server 2008 Terminal Services Gateway (Part 2)
0 kommentar(er)
