Re: Opening Port 3389
From: Keith (_at_.)
Date: Fri, 6 Feb 2004 22:34:31 -0000
We have VPN already but staff are mostly too incompetent to use it.
A much simpler solution is if they can access Terminal Services over the
internet. They get a full-screen desktop and it all looks just like it does
when they are in the office - much neater for those who are useless.
TS over the net is a must for my users - I don't see another way around it.
"Lars M. Hansen" <firstname.lastname@example.org> wrote in message
> On Fri, 6 Feb 2004 20:12:56 -0000, "Keith" <@.> spoketh
> >The firewall at my work is a Cisco PIX 515E with DMZ.
> >On the DMZ I am going to sit a 2k server with IIS as a web server.
> >my LAN I have my normal 2k domain servers and also a 2k server acting as
> >Terminal Services server.
> >If I open port 3389 on the PIX in theory my users should be able to fully
> >use Terminal Services inside my LAN from the Internet.
> >Does anyone see any security risks with opening port 3389 and only 3389
> >the PIX?
> Way too much irrelevant information. Since your DMZ servers and LAN
> domain servers doesn't play into this, leave it out. If all you want is
> terminal server access for your crew on the outside of the firewall, use
> VPN. Then only authorized users will have access to your terminal
> Lars M. Hansen
> Remove "bad" from my e-mail address to contact me.