In article <MPG.1e1395672ccf39b3989999@msnews.microsoft.com>,
kiln@brick-like.com says...
> As I said I'm a newbie to the topic at hand, so I'm not even sure that
> what you said doesn't match the OP's question. I've read many posts by
> you (Jeff) where the primary message seems to be "don't ever expose your
> TS/LAN directly on the internet". I often can't tell exactly what you
> mean by that; and this response of yours makes it even more confusing.
> What exactly do you consider a safe TS config for use on the internet?

Any user outside of the OFFICE should FIRST connect via VPN and then
access the company resources - simple answer.

What this means is that no matter where you are, you need to VPN into
the office and then through the VPN tunnel you would open a Remote
Desktop session to the Terminal Server (still inside the company
network). This means that the ONLY exposure is through the VPN ports to
the VPN device in the office.

I personally never terminate the VPNs at the Server, I terminate them
at the Firewall Appliance and then have RULES that limit VPN users to
specific ports/IP in the company.

--
spam999free@rrohio.com
remove 999 in order to email me
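
The design described in the post above, expressed as a rule-set check. This is an added example, not part of the original post or any vendor's firewall syntax; the zone names, addresses, the first-match rule model and the IPsec ports (UDP 500/4500) standing in for "the VPN ports" are all assumptions.

```python
import ipaddress

# Constructed sample policy; every address, zone and port here is an assumption.
TS = "10.0.0.20"          # Terminal Server, still inside the company network
FW_WAN = "203.0.113.1"    # firewall appliance's public address (documentation range)

# (src_zone, dst_network, proto, dport, action); first match wins, default deny
GOOD = [
    ("wan", FW_WAN + "/32", "udp", 500,  "allow"),   # VPN negotiation to the firewall
    ("wan", FW_WAN + "/32", "udp", 4500, "allow"),   # VPN traffic (NAT traversal)
    ("vpn", TS + "/32",     "tcp", 3389, "allow"),   # VPN users: RDP to the TS only
]
BAD = [
    ("wan", TS + "/32",    "tcp", 3389, "allow"),    # RDP published to the internet
    ("vpn", "10.0.0.0/24", "any", None, "allow"),    # VPN users reach the whole LAN
]

def decide(rules, zone, dst, proto, dport):
    """Return the action of the first matching rule, or 'deny' if none match."""
    addr = ipaddress.ip_address(dst)
    for r_zone, r_net, r_proto, r_port, action in rules:
        if (r_zone == zone
                and addr in ipaddress.ip_network(r_net)
                and r_proto in ("any", proto)
                and r_port in (None, dport)):
            return action
    return "deny"

def audit(rules, vpn_ports=(("udp", 500), ("udp", 4500))):
    """List allow rules that contradict the VPN-first design."""
    findings = []
    for zone, net, proto, port, action in rules:
        if action != "allow":
            continue
        # From the internet, only the VPN ports may be reachable.
        if zone == "wan" and (proto, port) not in vpn_ports:
            findings.append(f"internet-exposed service: {net} {proto}/{port}")
        # VPN users must be limited to specific ports and a specific IP.
        if zone == "vpn" and (port is None or proto == "any"
                              or ipaddress.ip_network(net).num_addresses > 1):
            findings.append(f"VPN rule too broad: {net} {proto}/{port}")
    return findings

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "no findings")
```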