Thoughts from the EPS Windows Server Performance Team
We often get questions on configuring Terminal Server Authentication. The questions have less to do with configuring a simple logon scenario than they do with preventing attacks, in particular “Man in the Middle” attacks – especially when the Terminal Servers may be publicly accessible. For those of you who are unfamiliar with the “Man in the Middle” scenario, this describes a situation in which an attacker intercepts the communication between two parties, and impersonates each one to the other. There have been several improvements in Terminal Server security that can protect against attacks.
Our fellow bloggers on the Terminal Services team published post on Configuring Terminal Servers for Server Authentication to Prevent “Man in the Middle” Attacks. The post covers Network Level Authentication (NLA) and using SSL / TLS (among others).
Until next time …
- CC Hameed