Terminal - Firewall

From: John Jairo Florez Torres (jjflorez_at_uninorte.edu.co)
Date: 05/23/03

  • Next message: Hugo Deckx: "RE: Security for Notebooks"
    To: <security-basics@securityfocus.com>
    Date: Fri, 23 May 2003 14:49:14 -0500
    
    

    Hi,
    I work for a University. We are working in a terminal server proyect and we
    are going to have for about 50 thin clients. The thin clients are going to
    work with Microsoft Office, explorer and a client-server application
    (Oracle).

    The question I have is where do I have to put the server. Our Firewall have
    four zones:
    - Outside (Internet)
    - DMZ
    - Institutional servers
    - PCs and departamentals servers. The thin cliesnts are going to be in this
    zone

    I think I would have to put the terminal server in the Institutional servers
    zone. If so, the network traffic from server to the thin clients would be
    passing throuhh the firewall. Could this traffic put a big work load in the
    firewall?
    Or Should I put the terminal server in the Pcs and departamentals servers
    zone where I am going to have my thin clientes too so this traffic does not
    pass through the firewall. The problem here is that the terminal server will
    not be protected by the Firewall from an attack originated in this zone.

    What schema do you recommend?
    In other words , is it a good a idea that the traffic between a terminal
    server and its thin clints pass through a firewall? any performance issues?

    Thanks for your help

    John Florez

    ---------------------------------------------------------------------------
    Thinking About Security Training? You Can't Afford Not To!

    Vigilar's industry leading curriculum includes: Security +, Check Point,
    Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
    --UP TO 30% off classes in select cities--
    http://www.securityfocus.com/Vigilar-security-basics
    ----------------------------------------------------------------------------


  • Next message: Hugo Deckx: "RE: Security for Notebooks"

    Relevant Pages

    • Re: Accessing TS over the Internet
      ... forward tcp3389 to the WAN IP on the SBS server and then configure the SBS ... Configure the firewall to forward Remote Web Workplace connection to the SBS ... Server for access to all internal RDP servers including the Terminal Server. ...
      (microsoft.public.windows.server.sbs)
    • Re: thin clients on SBS2003 ?
      ... Even with the ease of SBS features. ... SBS Server per site = 523 servers ... clients all connect back to a Terminal Server farm in the HQ data ... >> Is it possible to run thin clients on a SBS2003 network. ...
      (microsoft.public.windows.server.sbs)
    • Re: Client printing problems
      ... When I "install" a printer on a thin client, ... What would prevent the installation of this virtual printer on the server? ... Check the EventLog on the Terminal Server to fiind the cause of the ... These thin clients have an auto logon ...
      (microsoft.public.windows.terminal_services)
    • Re: thin clients on SBS2003 ?
      ... Even with the ease of SBS features. ... > sbs server. ... > thin clients all connect back to a Terminal Server farm in the HQ ... >> sessions. ...
      (microsoft.public.windows.server.sbs)
    • Re: connecting to RDP from behind an ISA firewall
      ... You have to open port 3389 on *your* firewall and point it to the ... Terminal server, to allow incoming traffic. ... 294720 - How to Server Publish a Terminal Server with ISA While ...
      (microsoft.public.windows.terminal_services)