Windows Server 2008 Terminal Server--Connection Issue
-
@wirestyle22 you just have RDP open to the outside? Do they not use RDP over some type of VPN?
-
You should be using VPN, and if you are the logs should tell the story.
-
The better way to ask that @RojoLoco is: @wirestyle22 do they have to connect to the RDP session using anything special?
An open RDP connection is likely a WAN issue. If you have no VPN that they connect to first, and then use RDP to connect to terminal services then you have some design issues.
-
@IRJ said:
You should be using VPN, and if you are the logs should tell the story.
Why? RDP is secure.
-
@Dashrender said:
@IRJ said:
You should be using VPN, and if you are the logs should tell the story.
Why? RDP is secure.
I hope you're joking..
-
@Dashrender said:
@IRJ said:
You should be using VPN, and if you are the logs should tell the story.
Why? RDP is secure.
???
-
RDP has its own security, you don't need to run it over VPN.
RDS Gateways are for just this purpose.
-
But you're literally providing a door for which hackers can easily attempt to enter, with minimal effort.
-
RDS Gateways push all traffic over SSL, effectively making it a single app ssl vpn.
-
Why would this be any different than those who provide Citrix nFuse servers? They both use AD for authentication.
Why are you worried about someone authenticating against this and not against Google, or iTunes, or Amazon?
Of course I'm assuming that you only have port 3389 open, and should have some type of lockout setup on your accounts after x number of bad attempts.
-
@brianlittlejohn said:
RDS Gateways push all traffic over SSL, effectively making it a single app ssl vpn.
This I would need to verify.
Are you saying that the RDS Gateway uses something more than just the RDS client on Windows to establish that SSL connection?
and even so - that doesn't make it safer.
Google also wraps your login inside an SSL connection - but you can still attempt to log in until their system denies you for too many invalid attempts.
-
@Dashrender It uses the RDP client, under advanced tab is where you set it up to access the RDS Gateway. The only thing on the firewall you have to open is port 443.
-
@Dashrender said:
and even so - that doesn't make it safer.
Google also wraps your login inside an SSL connection - but you can still attempt to log in until their system denies you for too many invalid attempts.
It does make it safer. There is no way to stop what you are saying. You can do this with VPNs. Logins that require RSA Keys etc. That's why you have lock outs. We have ours set to three.
Most large companies have Citrix or RD Gateways. A VPN is usually only for company-owned devices and is more of a risk because it exposes the whole network directly to the device once logged in.
-
@Dashrender the confusion here was that you said RDP is secure when it is not. You meant (and clarified in a followup post) that an RDS Gateway to RDP is secure.
-
@Dashrender said:
@brianlittlejohn said:
RDS Gateways push all traffic over SSL, effectively making it a single app ssl vpn.
This I would need to verify.
Are you saying that the RDS Gateway uses something more than just the RDS client on Windows to establish that SSL connection?
and even so - that doesn't make it safer.
Google also wraps your login inside an SSL connection - but you can still attempt to log in until their system denies you for too many invalid attempts.
How is that different than a VPN?