http://blogs.technet.com/steriley/archive/tags/Terminal+Server/default.aspxTags: Terminal Serveren-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/steriley/archive/2005/06/28/Securing-Terminal-Services-over-the-Internet.aspxTue, 28 Jun 2005 19:54:00 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:406961Steve Riley3http://blogs.technet.com/steriley/comments/406961.aspxhttp://blogs.technet.com/steriley/commentrss.aspx?PostID=406961http://blogs.technet.com/steriley/rsscomments.aspx?PostID=406961<P>In my presentation on remote access at TechEd, I gave three scenarios:</P> <UL> <LI>web-based access to internal resources, published with ISA Server</LI> <LI>"desktop over the Internet" using Terminal Services and the remote desktop web connection</LI> <LI>full IP-based virtual private networks with L2TP+IPsec</LI></UL> <P>In the discussion on TS over the Internet, I failed to mention a very important bit. There is no mechanism built into RDP to authenticate the server to the client. This creates an opportunity to conduct a man-in-the-middle attack. Tools now exist to do exactly this.</P> <P>In Windows Server 2003, you can configure TS to use TLS for server authentication and data encryption. This is extremely important for anyone running TS over the Internet. See&nbsp;<A class="" href="http://support.microsoft.com/?id=895433" target=_blank mce_href="http://support.microsoft.com/?id=895433">KB 895433</A> for the step-by-step details.</P><img src="http://blogs.technet.com/aggbug.aspx?PostID=406961" width="1" height="1">access technologiesprotectionTechEdconfigurationTerminal Server