[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Windows 2000 Terminal Services
leaving the port open to the world leaves you open to scans on that port for DOS attacks but also username/password attacks. Limiting via IP address is a good thing so long as the range is not wide and does not also cover other businesses. Think of TS as a gui telnet. :-) regards Dean -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, 1 June 2001 3:46 AM To: [email protected]; [email protected] Subject: RE: [FW1] Windows 2000 Terminal Services Actually, the plan was to have a 3rd party vendor administer a server which is sitting on the DMZ. The vendor will be coming in from the Internet and not from the Intranet. I know that only one port is needed to be opened. I can also limit the group who can access the port ( using IP addresses of the vendor). The Terminal Services of Windows 2000 is encrypted so no one can eavesdrop. I have thought also of using Windows 2000 IPSec (kind of like a VPN), since I don't have firewall-1 VPN on my license. Are there any other security concern that I should think about ? Thanks, Jaime -----Original Message----- From: Niksa Franceschi [mailto:[email protected]] Sent: Thursday, May 31, 2001 12:00 AM To: '[email protected]'; [email protected] Subject: RE: [FW1] Windows 2000 Terminal Services IMHO, it shouldn't be a problem since you open only one port, and that from Intranet to DMZ, while you don't need to open any ports from DMZ to Intranet. Thus, it should be still rather safe (that's what I have configured now anyway). -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, May 29, 2001 9:08 PM To: [email protected] Subject: [FW1] Windows 2000 Terminal Services Does anyone know how secure is it to allow Windows 2000 Technical Services pass through the firewall and administer a host on the DMZ ? Thanks, Jaime ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|