Re: TS access and Virus issue

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/19/04


Date: Tue, 19 Oct 2004 19:26:00 +0200

Hi,

If you are really concerned about this, prohibit the mapping of local
drivers over terminal services. This will prevent them from mapping their
local drives to your server (but it may limit their work). This way all they
can do is transfer files on the network where the terminal server is.

Terminal session itself is encrypted (I think Windows 2000 use 56 bit
encryption while Windows 2003 use 128 bit -- also depends on the client that
they use...). Assign your customer strong - hard to guess password.
Personally I limit access to terminal servers only to customers IP addresses
not the whole internet (I don't want every "kid" on the internet trying out
the passwords on logon screen)... Another option would be to first connect
to VPN server and only then the vendor is allowed to connect to the TS (and
only TS over TCP 3389).

Note, if you have TS located on LAN with other clients there is nothing
limiting your vendor to connect to other computers on LAN from this TS
server...

Mike

"Bjarni" <Bjarni@discussions.microsoft.com> wrote in message
news:9BCDE136-8F99-4CD4-B6C2-C9EAE7C93E1B@microsoft.com...
> I have a vendor that wants to have access to an application on my server,
I
> was thinking about using TS, but I have concerns over viruses coming from
the
> vendors network. This is a financial database that the vendor would be
> connecting to and he would not have access to any other areas of the
server.
> Is my concern about viruses valid, or do I have nothing to worry about? I
am
> also worried about overall security on the vendor site, if I give him
access
> to my server and he has security breach then my security is breached
also..
> right?. Hope someone can help me by shedding light on these issues



Relevant Pages

  • Re: Delayed email from outside vendor or not arriving at all
    ... I understand that one vendor send email to ... your client will get Delivery Status Notification. ... I suggest we track the not receive email in your client SBS 2003. ... How to Enable Message Tracking Center on a Server ...
    (microsoft.public.windows.server.sbs)
  • [UNIX] Multiple Vendor X Server Vulnerabilities (XFree86-Misc, EVI, MIT-SHM, TOG-CUP, XI
    ... Multiple Vendor X Server Vulnerabilities (XFree86-Misc, EVI, MIT-SHM, ... Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index ... Local exploitation of an invalid array index vulnerability in the X.Org X ...
    (Securiteam)
  • Re: DHCP Vendor Classes
    ... i've been testing with Dell laptops too. ... Both Cisco and Dell are sending Vendor IDs, ... So I setup a vendor class for that ID, added an option 67 (boot filename), configured it, and tried to get it to take it - but the server doesnt hand it out. ...
    (microsoft.public.windows.server.general)
  • Advisory 13/2005: Remote code execution in SysCP
    ... Application: SysCP 1.2.10 and prior ... Vendor Status: Vendor has released an updated version ... hosting and co-location companies and can be used for complete server admin- ... Due to the sensitive nature of the vulnerability, ...
    (Bugtraq)
  • NII Advisory - Path Disclosure in Cold Fusion MX Server
    ... Path Disclosure in Macromedia ColdFusion MX Server ... Vendor: Macromedia http://www.macromedia.com ... We also develop host-based security auditing software - AuditPro for Windows, Unix, SQL, and Oracle ... This advisory may be redistributed, provided that no fee is assigned and that the advisory is not modified in any way. ...
    (NT-Bugtraq)