#4
01-05-2006, 07:15 AM
Steven L Umbach
 
Re: TS over the internet - directly attach, or require a VPN?

While some do use direct connection, I prefer going through a VPN, particularly if
you can use L2TP, which can require computer certificates so that computers
must authenticate before user credentials are even tried with certificates
from trusted Certificate Authorities. VPN also allows you to use Remote
Access Policies to further secure the VPN connection and decide what traffic
is allowed into the network with input/output filters. If direct connection
is used, you can greatly reduce the risk by configuring the firewall to allow
connections to the port used for RDP [3389 TCP is default] from only
specific IP addresses, which may not be possible if users roam or do not have
a static IP address. Either way, make sure that users are forced to use
strong passwords.

--- Steve


"William Fields" <Bill_Fields@azb.uscourts.gov> wrote in message
news:Op2aKrlAGHA.3928@tk2msftngp13.phx.gbl...
> Hello.
>
> I have a customer who is having all kinds of problems w/ their current VPN
> connection. They're wondering if it would be acceptable to drop using the
> VPN altogether and just open the necessary port(s) on their firewall to
> allow Terminal Server connections. They do not need LAN access over the
> internet, just terminal server connections.
>
> My initial reaction was "you always use a VPN, that's the secure way of
> doing things", but since the TS client uses an encrypted connection,
> doesn't that generally give enough protection against sniffing?
>
> Comments? Obviously, I'm not a security expert...
>
> Thanks.
>
> --
> William Fields
> MCSD - Microsoft Visual FoxPro
> US Bankruptcy Court
> Phoenix, AZ
>
> ".dll hell - .rpm hell - whatever.
> The grass is always greener"
>
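Added example (not part of the original post or thread): a small audit of a firewall ruleset for the direct-connection case described above, flagging any allow rule that admits TCP 3389 from a source outside an approved list. The rule format, the sample rules and the approved addresses are all constructed for illustration, and each rule is checked on its own without modelling first-match ordering.

```python
import ipaddress

RDP_PORT = 3389  # default RDP port named in the post

# Constructed sample ruleset: action, protocol, source, destination port or range.
SAMPLE_RULES = """\
allow tcp 203.0.113.10/32 3389
allow tcp any 3389
allow tcp 198.51.100.0/24 3380-3400
allow tcp 0.0.0.0/0 443
deny  tcp any 3389
allow udp any 3389
allow tcp 192.0.2.0/24 3389
"""

# Hypothetical allowlist: the static addresses remote users connect from.
APPROVED_SOURCES = ["203.0.113.10/32", "198.51.100.0/24"]


def parse_rule(line):
    """Split one rule line into (action, proto, source network, low port, high port)."""
    action, proto, source, ports = line.split()
    low, _, high = ports.partition("-")
    net = ipaddress.ip_network("0.0.0.0/0" if source == "any" else source)
    return action, proto, net, int(low), int(high or low)


def exposed_rdp_rules(ruleset, approved):
    """Return allow rules that admit TCP 3389 from outside the approved networks."""
    allowed = [ipaddress.ip_network(a) for a in approved]
    findings = []
    for line in ruleset.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, proto, net, low, high = parse_rule(line)
        # Only allow rules whose TCP port range covers 3389 matter here.
        if action != "allow" or proto != "tcp" or not low <= RDP_PORT <= high:
            continue
        # The rule's source must sit entirely inside some approved network.
        if not any(net.subnet_of(ok) for ok in allowed):
            findings.append(line.strip())
    return findings


if __name__ == "__main__":
    for rule in exposed_rdp_rules(SAMPLE_RULES, APPROVED_SOURCES):
        print("RDP reachable from unapproved source:", rule)
```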