I probably should have been clearer: the dialup is on an interface of the
firewall. To allow Terminal Server access, I would have to allow it through
the firewall.

I guess I was thinking of concerns that the firewall no longer controlled
what people were allowed to do and that that responsibility would now fall
on the Terminal Server machine. Now I don't know a lot about Terminal
Server, but, as I understand it, if the Terminal Server machine allowed a
user to access other machines/applications/etc. in your network, then there
might be a concern as to the size of hole you have opened.

I guess what I envision is: say the Terminal Server allowed you to telnet to
other servers (I don't know if TS can allow telnet or not); since I don't
allow anyone to telnet in from a dialup connection, TS has now become a
security threat since the firewall rules have basically been bypassed.

-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 07, 2000 4:42 PM
To: Tucker, Greg; ''Fw-1-Mailinglist (E-mail)'
Subject: RE: [FW1] Microsoft Terminal Server Concerns

Well, actually this is not much of a FW1 concern - but a general network
security concern. Do you want to allow dialup access into your network,
behind your firewall? If so, are you willing to risk your network security on
MS authentication?

The dial up is basically a back door around your firewall.

Depending on what you need to accomplish with the TS, I would suggest at
least putting it in a DMZ. Even better to make it a standalone system (i.e.,
not a domain member). But that probably would defeat the purpose of the
request.

> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, July 07, 2000 5:16 PM
> To: ''Fw-1-Mailinglist (E-mail)'
> Subject: RE: [FW1] Microsoft Terminal Server Concerns
>
> I hate to make assumptions, but can I assume that since no one responded
> to this, that nobody has any concerns???
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tucker, Greg
> Sent: Wednesday, July 05, 2000 1:58 PM
> To: ''Fw-1-Mailinglist (E-mail)'
> Subject: [FW1] Microsoft Terminal Server Concerns
>
>
> I've had a request to allow dial-up access to Microsoft Terminal
> Server.
>
> Can anyone list concerns, or point me to a site that discusses what
> security issues to be concerned about when allowing this capability?
>
> Thanks.
>