Re: Terminal Services + IPsec using certificates?

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/07/04 

Date: Tue, 7 Sep 2004 14:43:08 +0200

Hi Mike,

Terminal Servers (Windows 2003) by default uses 128 bit encryption to
protect any data exchanged between client and server. On Windows 2000 you
have to manually set Encryption level to high. Do you think this wouldn't
work for you? Do you need more protection?

If you decide to use certificates for IPSec each computer would get it's own
certificate. These certificates are used for computer authentication process
(just like preshared key or Kerberos would be).

Mike

"Mike" <mike@nomail.se> wrote in message
news:NBh%c.102761$dP1.366438@newsc.telia.net...
> Hi,
> I need to access a few stand alone Win 2000 Servers for admin purposes
using
> Terminal Services. For security reasons I want to use IPsec to wrap a
layer
> of security around the servers. I want to do something similar to
> http://www.windowsitpro.com/Article/ArticleID/20288/20288.html but instead
> of using preshared keys I want to use certificates as authentication
option.
>
> I have four servers (Win 2000 Server) I need to be able to connect to
using
> two different clients (WinXP at home and at work). Using preshared keys
this
> would be pretty straightforward, but Im not sure exactly how certificates
> work in this. Do I generate one certificate for each server and each
client,
> or how do I go about this?
>
> Since, in the example in the link above, the client sets a rule for all TS
> traffic I gather I can only have one certificate per client to be used for
> TS traffic? If so, how can I access different TS servers in this way? Is
it
> possible at all?
>
> I donīt know much about certificates as you see, maybe someone can point
me
> in the right direction? Any help/input/link is highly appreciated.
>
> /Mike
>
>

Relevant Pages

  • Terminal Services + IPsec using certificates?
    ... I need to access a few stand alone Win 2000 Servers for admin purposes using ... For security reasons I want to use IPsec to wrap a layer ... of using preshared keys I want to use certificates as authentication option. ... Since, in the example in the link above, the client sets a rule for all TS ...
    (microsoft.public.win2000.termserv.apps)
  • Terminal Services + IPsec using certificates?
    ... I need to access a few stand alone Win 2000 Servers for admin purposes using ... For security reasons I want to use IPsec to wrap a layer ... of using preshared keys I want to use certificates as authentication option. ... Since, in the example in the link above, the client sets a rule for all TS ...
    (microsoft.public.win2000.security)
  • Re: [fw-wiz] Defense in Depth to the Desktop
    ... > network hardware mechanisms. ... The Strong Internal Network Defense ... The client subnet and the server ... Servers are allowed to reply to clients, ...
    (Firewall-Wizards)
  • [fw-wiz] Defense in Depth to the Desktop
    ... network hardware mechanisms. ... controls is highlighted when the internal network and systems suffer ... The client subnet and the server ... Servers are allowed to reply to clients, ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Defense in Depth to the Desktop
    ... Sounds a lot like Domain Based Security (not Windows 'domains', ... > network hardware mechanisms. ... The client subnet and the ... Servers are allowed to reply to clients, ...
    (Firewall-Wizards)