BlkKnight

Broad question: In a commercial environment, would you use Terminal Services over the internet?

Current set up:

WWW > Hardware NAT > UDP 3389 > Windows 2000 Server

I've made sure all users which access the TS over the WWW have very hard passwords. Encryption is set to high.
All other users have TS disabled.

Is there anything I should be worried about?

mike1210

my place used to do it, now its over IPsec/VPN

for info checking my router logs I've only ever been scanned once on the remote desktop port in a year (University in India IIRC) whereas VNC port 5900 I get scanned every hour usually

Defo use hard passwords etc

open ports makes people nervous but I wouldn't of thought its one of the most targeted ports as yet.

I think it would be better to VPN in then remote to your machine, but depends on budget really

BlkKnight

The router has VPN functionality - I'll have a look at it.

Kieran_Burns

iTrader: (1)

VPN gets my vote - much more secure plus you can limit what access you can grant to the accounts and assign static ips... much more granular security