Re: TS access and Virus issue

From: Bjarni (Bjarni_at_discussions.microsoft.com)
Date: 10/19/04


Date: Tue, 19 Oct 2004 10:11:03 -0700

Joe, thanks for your reply,

I do have a firewall and and all my servers are upto date with all patches.
What about drive mappings, doesn't open up the possibility of viruses? I have
worked with TS and remote users in the past so I know about screen draws etc.
but never had to worry about this because I controled both sides, which in
this case I do not.

I have multiple servers, over 400 users and I don't feel comfortable giving
an outside vendor access like this, so I guess I am trying to come up with
something other then my concerns about TS and it's security issues from the
outside.
TIA for any follow-ups
"Joe" wrote:

>
> "Bjarni" <Bjarni@discussions.microsoft.com> wrote in message
> news:9BCDE136-8F99-4CD4-B6C2-C9EAE7C93E1B@microsoft.com...
> > I have a vendor that wants to have access to an application on my server,
> I
> > was thinking about using TS, but I have concerns over viruses coming from
> the
> > vendors network. This is a financial database that the vendor would be
> > connecting to and he would not have access to any other areas of the
> server.
> > Is my concern about viruses valid, or do I have nothing to worry about? I
> am
> > also worried about overall security on the vendor site, if I give him
> access
> > to my server and he has security breach then my security is breached
> also..
> > right?. Hope someone can help me by shedding light on these issues
>
> I don't believe terminal services transfers anything other than screen
> shots, the location of your mouse, and what you type on your keyboard. If
> you are thinking about the fact that you have to open up your firewall to
> the internet for the TS specific ports then you really only have to worry if
> you aren't up to date with all the patches. You do have a firewall don't
> you?
>
> Joe
>
>
>



Relevant Pages

  • Re: External PCAnywhere to internal client
    ... What you are describing is basic network address translation and should really have nothing at all to do with the server IF the server is ... Assuming that you have a typical hardware firewall, then you should be able to configure port forwarding on it directly to the LAN address of the workstation to be controlled. ... Make sure that you specify the two pcA ports correctly on the firewall, and that these ports are also open on the workstation's software firewall if it has one: ... I use a hardware firewall that lets the correct PCAnywhere ports in from the vendor' s ip address and routed them to the internal PC using the firewall (ie: ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to connect to or browse a secure web
    ... I cannot browse from my server to the vendor secure site but I can browse ... I checked my firewall logs and I have not found it to be the problem. ... >> https site from the server. ...
    (microsoft.public.inetserver.iis.security)
  • [fw-wiz] Too Paranoid?
    ... A vendor wants to install a system on our LAN that uses a MS-Win2k ... This server is completely a turn-key system. ... through my firewall, using HTTPS, to multiple servers on the Internet ... in turn under the control of yet *other* entities. ...
    (Firewall-Wizards)
  • Re: TS access and Virus issue
    ... > I have a vendor that wants to have access to an application on my server, ... This is a financial database that the vendor would be ... > also worried about overall security on the vendor site, ... You do have a firewall don't ...
    (microsoft.public.win2000.security)
  • Re: Datemas.de trouble again. Now using different server
    ... So I'm using my other newsgroup server which isn't as ... fast in making connections. ... Usually the server is down or your firewall is blocking it. ... Thanks, Joe. ...
    (uk.people.silversurfers)