Terminal Services Security Running Terminal Services may expose your domain to significant security risks if appropriate precautions are not taken before and during the Terminal Server deployment. The book "Hacking Exposed Windows 2000: Network Security and Solutions", by Joel Scambray and Stuart McClure, provides excellent coverage of Terminal Services security in Chapter 12. After all maintenance and hotfixes are applied to your Terminal Server, be sure to install and configure the following two utilities, available in the Windows 2000 Server Resource Kit. TsVer.exe Version Limiter is a GUI-based tool that allows you to set whether the Terminal Services Client supports version checking. This allows you to limit access. Terminal Services Version Monitor (TsVer) is an administrative tool for enforcing policies with respect to WinStation client build numbers. This tool consists of two components, a wizard for editing policies, enabling, and disabling version checking, as well as a dynamic link library for enforcing policies. TsVer provides a way for you to exercise control over which WinStation clients can connect to your servers. Version Limiter features include: explicit control over which client builds are permitted on your server. easily enabled or disabled. option for sending customized messages to rejected clients. all failed logon attempts recorded to Windows event log with IP address and computer name. AppSec.exe The Application Security tool is a GUI-based application that allows an administrator in a multi-user environment to restrict the access of ordinary users to a predefined set of applications on the network. Enabling application security using this tool will cause the system to reject any attempts by ordinary users to execute a program that they are not authorized to use. -----Original Message----- From: Ralph Los [mailto:RLosat_private] Sent: Friday, January 10, 2003 10:09 AM To: 'Pen-testat_private' Subject: MS Terminal Services open to the world Sensitivity: Confidential Hello all, I've got a pretty good client of mine who absolutely refuses to heed my warnings about keeping Terminal Services open to the world. They rely on Windows passwords and figure that's strong enough for all their servers (management). Now I'm given the task of auditing their security/infrastructure and would like to come up some creative ways to back up my point about MS TS open to the Internet being a bad idea. Any thoughts or input is appreciated. Ralph ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Jan 11 2003 - 16:06:21 PST