RE: terminal service client
- From: "Mark Hippenstiel" <mark@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 12 Sep 2002 01:17:28 +0200
True enough... I thought that the communication would be channeled in
some way. Does that mean that the only advantage of tsac is that you
have to struggle with IIS? :-)
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Thursday, September 12, 2002 12:24 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: terminal service client
>
>
> http://www.ISAserver.org
>
>
> The statement "would run through an SSL session" is
> absolutely untrue. Terminal Services operates on TCP-3389 (or
> the port that you define), outside of any SSL session you
> create to reach the TSAC page. It's one of the bugaboos that
> catches the unwary every time.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/pages/author_index.asp?aut=3
> http://isatools.org
> Read the books!
>
> ----- Original Message -----
> From: "Mark Hippenstiel" <mark@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, September 11, 2002 2:09 PM
> Subject: [isalist] RE: terminal service client
>
>
> http://www.ISAserver.org
>
>
> There is a point in having to deal with IIS and some coding
> to get it run, but it would run through a SSL connection and
> be ways safer than just letting Terminal Services listen on
> another port. Correct me if I'm wrong, but whoever would want
> to mess around would test which services run on which port
> anyway, no? In my understanding this wouldn't be a major
> security enhancement.
>
> Therefore I personally would prefer using a VPN connection to
> TS and go further from there as has already been said. The
> following article gives
> (little) insight on what is being encrypted in and around a terminal
> session:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q275727
>
>
> Depending on what applications you run, you might want to
> install some of the following scripts:
>
> http://www.microsoft.com/windows2000/techinfo/administration/t
> erminal/ts
> apcompat.asp
>
>
> Mark
>
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Wednesday, September 11, 2002 3:23 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: terminal service client
>
>
> http://www.ISAserver.org
>
>
> The AX client requires either a web page to run within or you
> get to write custom local code to use it. Plus, it doesn't
> obey the same logoff restrictions that eh real clients does.
> Personally, I don't recommend the TS AX client.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/pages/author_index.asp?aut=3
> http://isatools.org
> Read the books!
>
> ----- Original Message -----
> From: Mark <mailto:mark@xxxxxxxxxxxx> Hippenstiel
> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, September 11, 2002 12:07 AM
> Subject: [isalist] RE: terminal service client
>
> http://www.ISAserver.org
>
>
> Then how about using the TS active-x client on a non standard
> port, over a secure channel? I can remember that this was
> discussed here once. -----Original Message-----
> From: John Haislet [mailto:jhaislet@xxxxxxxx]
> Sent: Wednesday, September 11, 2002 6:22 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: terminal service client
>
>
> http://www.ISAserver.org
>
>
> My only concern is that its a HUGE risk if you don't know
> every little in and out of TS and get everything setup just
> right for maximum security. Call me paranoid, but TS is one
> more think I would not want to have to worry about on a
> server w/ a direct internet connection.
>
> John in Texas
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, September 10, 2002 11:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: terminal service client
>
>
> http://www.ISAserver.org
>
>
> Hi John,
>
> But practically speaking, I think it would be difficult to
> exploit the published Terminal Server. You can use high
> encryption, create complex passwords for the Admin accounts,
> rename the admin accounts, and make sure that the server
> doesn't remember the last logged on user's name. So, I would
> bet publishing a TS would be pretty safe.
>
> Do you think I might have missed something in this analysis?
>
> Thanks!
>
> Thomas W Shinder
> <http://www.isaserver.org/shinder> www.isaserver.org/shinder
>
>
> -----Original Message-----
> From: John Haislet [mailto:jhaislet@xxxxxxxx]
> Sent: Tuesday, September 10, 2002 10:48 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: terminal service client
>
> http://www.ISAserver.org
> I personally would not do this. It really opens up a very
> large security gap in the firewall and network for that
> matter having these services accessible from the outside.
> Terminal services were really designed to be used inside the
> LAN, say from your office to the data center. I am not sure
> on the details of making it work, but it should be pretty
> easy to find what port(s) it uses. I also at a minimum would
> recommend using VPN to access the server from the outside if
> thats what you choose.
>
> John in Texas
> -----Original Message-----
> From: Achmad Mursalin [mailto:ach_m@xxxxxxxxx]
> Sent: Tuesday, September 10, 2002 10:35 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] terminal service client
> http://www.ISAserver.org Halo. my exchange server 2000 behind
> ISA server 2000. I want to use terminal service client from
> my home to remote server exchange and isa server. In exchange
> server add ( terminal service, terminal service license) In
> ISA server add ( terminal service, terminal service license )
> HOw to configure ISA server and exchange 2000 server so that
> i can remote server. thanks.
>
>
> _____
>
> Yahoo! - We Remember
> 9-11: A tribute to the more <http://dir.remember.yahoo.com/tribute>
> than 3,000 lives lost
> ------------------------------------------------------ You
> are currently subscribed to this ISAserver.org Discussion
> List as: jhaislet@xxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jhaislet@xxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
Other related posts:
