Re: Opening Port 3389

From: Keith (_at_.)
Date: 02/06/04


Date: Fri, 6 Feb 2004 22:34:31 -0000

We have VPN already but staff are mostly too incompetent to use it.

A much simpler solution is if they can access Terminal Services over the
internet. They get a full-screen desktop and it all looks just like it does
when they are in the office - much neater for those who are useless.

TS over the net is a must for my users - I don't see another way around it.

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:lk48209ijpbpd6b183usl19vhcqeibmn3p@4ax.com...
> On Fri, 6 Feb 2004 20:12:56 -0000, "Keith" <@.> spoketh
>
> >The firewall at my work is a Cisco PIX 515E with DMZ.
> >
> >On the DMZ I am going to sit a 2k server with IIS as a web server.
Inside
> >my LAN I have my normal 2k domain servers and also a 2k server acting as
> >Terminal Services server.
> >
> >If I open port 3389 on the PIX in theory my users should be able to fully
> >use Terminal Services inside my LAN from the Internet.
> >
> >Does anyone see any security risks with opening port 3389 and only 3389
on
> >the PIX?
> >
> >Thanks
> >
> >Keith
> >
>
> Way too much irrelevant information. Since your DMZ servers and LAN
> domain servers doesn't play into this, leave it out. If all you want is
> terminal server access for your crew on the outside of the firewall, use
> VPN. Then only authorized users will have access to your terminal
> server...
>
>
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.