RE: Secure / Encrypt Terminal Services

From: TSimons@Delphi-Tech.com
Date: 11/26/02

  • Next message: Welsh, Armand: "RE: Exchange in the DMZ"
    From: TSimons@Delphi-Tech.com
    To: focus-ms@securityfocus.com
    Date: Tue, 26 Nov 2002 11:20:12 -0500
    
    

    Has anyone implemented a layer of security before the RDP connection? I've
    hear ZeeBeDee thrown around, ect.

    It needs to be invisible to the enduser, and sit either outside the
    firewall, inside the firewall before the terminal server, or within the
    firewall.

                  \\
    InternetUser---||---[TS Login Screen]
                  //

    ~Todd

    -----Original Message-----
    From: Adrian.Mink@pinnaclewest.com [mailto:Adrian.Mink@pinnaclewest.com]
    Sent: Tuesday, November 26, 2002 11:15 AM
    To: TSimons@Delphi-Tech.com; ohnonono@hushmail.com
    Cc: focus-ms@securityfocus.com
    Subject: RE: Secure / Encrypt Terminal Services

    By default Terminal Services does encrypt the session. Go to Terminal
    Services Configuration -> RDP-Tcp Properties -> General. You can set the
    encryption level there. Note that there is no way to turn encryption off,
    just to set Low, Medium and High.

    Adrian

    -----Original Message-----
    From: TSimons@Delphi-Tech.com [mailto:TSimons@Delphi-Tech.com]
    Sent: Monday, November 25, 2002 8:42 PM
    To: ohnonono@hushmail.com
    Cc: focus-ms@securityfocus.com
    Subject: RE: Secure / Encrypt Terminal Services

    We're looking for the same thing, I'll be watching posts, initial finds are:

    Check out www.jsiinc.com
    http://www.jsiinc.com/subk/tip5000/rh5017.htm
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315055

    We're looking for solutions on how to add another layer of security without
    inhibiting functionality, maybe something at the firewall level

    -----Original Message-----
    From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com]
    Sent: Thursday, November 21, 2002 9:22 AM
    To: focus-ms@securityfocus.com
    Subject: Secure / Encrypt Terminal Services

    -----BEGIN PGP SIGNED MESSAGE-----

    Does the community have an opinion on which is the best way to do this? Can
    it be done via IP-Sec? Basically we have a machine (tripwire manager) that
    will have access to all our networks. Due to politics (gotta love security
    made insecure by politics) it must be remotely managed. The CIO (god bless
    CIO's) has decided that we will use terminal services. Is there a way to
    encrypt the traffic so it is not flying around the network in clear text?
    Would IP-Sec be the recomended solution?

    Suggestions or links (or gentle shoves) to the information would be great.

    Thanks

    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify

    wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9
    AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg=
    =2bx1
    -----END PGP SIGNATURE-----

    Get your free encrypted email at https://www.hushmail.com