Security Issues with Terminal Services

Windows Server 2003 set up in Terminal Services (Remote Desktop) mode offers Microsoft’s native encryption. The connection properties are set to encrypt to “Client Compatible” levels [1]. This means that data transmitted is secure and cannot be easily broken into via a “sniffer” or other utility that monitors a network and “captures” data passing through. In Terminal Server setups, a login and password are required to access the network before logging in to the CSIU application. The login and password are also encrypted for additional data security.

It is not recommended to run other web services such as Microsoft Internet Information Server, Web, FTP, or mail servers on the same server as the Windows Server 2003 setup for FoxPro applications. Web, FTP, and mail servers are designed for global access with minimum restrictions, creating an “opening” for outside users to gain access to the server. The safest approach is to purchase a dedicated machine for Internet services that does not house mission-critical or sensitive data.

If you or a remote client uses a network firewall or has an agency-wide firewall, you must make provisions to open the appropriate ports (TCP port 3389 for Terminal Services [Remote Desktop]).
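
An added example (not part of the original page or any vendor tooling) that checks the two recommendations above against `netstat -an` output captured on the Terminal Server: TCP 3389 is listening, and no Web, FTP, or mail service is listening alongside it. The port-to-service mapping and the sample output are assumptions constructed for illustration.

```python
import re

RDP_PORT = 3389  # Terminal Services port named on this page
# Assumed default ports for the services the page advises against co-hosting
DISCOURAGED = {21: "FTP", 25: "SMTP mail", 80: "HTTP (IIS/Web)",
               110: "POP3 mail", 143: "IMAP mail", 443: "HTTPS (IIS/Web)"}

# Constructed sample of `netstat -an` output from a Windows server
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        198.51.100.7:50122     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Matches only TCP rows in LISTENING state; captures local address and port
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_tcp(netstat_text):
    """Return {port: set of local addresses} for TCP sockets in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            ports.setdefault(int(m.group(2)), set()).add(m.group(1))
    return ports

def audit(netstat_text):
    """Check both recommendations: RDP is listening, no web/FTP/mail listeners."""
    ports = listening_tcp(netstat_text)
    findings = []
    if RDP_PORT not in ports:
        findings.append("TCP 3389 not listening: Terminal Services unreachable")
    for port, name in sorted(DISCOURAGED.items()):
        for addr in sorted(ports.get(port, ())):
            # Loopback-only listeners are not reachable from the network
            scope = "local only" if addr.startswith("127.") else "network-facing"
            findings.append(f"{name} listener on {addr}:{port} ({scope})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT):
        print(finding)
```

An empty result from `audit()` means the server matches both recommendations; any finding marked network-facing is a service to move to the dedicated Internet machine.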

Other security methods such as Virtual Private Networks (VPNs) work in a similar fashion, but might reduce connection speed and network performance. 

The key point: Terminal Server and Citrix MetaFrame environments offer a high level of security that should meet the needs of most clients; however, districts should check with their auditors.  

[1] © 2006 Microsoft Corporation. All rights reserved. TLS 1.0\SSL Settings: Event ID 1050. Updated: November 27, 2007. http://technet2.microsoft.com/WindowsServer (accessed on June 5, 2008).