Chapter 11 of the Windows Server 2008 Security Guide: Hardening Terminal Services is now live on TechNet.
The details of the attack surface for the Terminal Services role(s) are included in the Windows Server 2008 Attack Surface Reference workbook included in the Guide. The Terminal Services role has the greatest attack surface and requires more configuration settings than the other role services discussed in the Guide. However, only the TS Gateway role service has specific security configuration changes. There are no additional steps to secure the TS Licensing, TS Session Broker, and TS Web Access role services.
Table 11.1 summarizes the recommended security configuration tasks for hardening servers performing the Terminal Services role, including:
The Windows Server 2008 Security Guide is designed to further enhance the security of the servers in your organization by taking full advantage of the new and improved security technologies and features in Windows Server 2008. Use the guidance to create, test, and deploy your security baseline quickly and reliably, harden your server workloads, and evaluate security setting recommendations to meet the requirements of your environment.
Along with the online version above, the Windows Server 2008 Security Guide is also available as a download and includes the following components: