Securing Microsoft Terminal Services First Web Edition
Securing Microsoft Terminal Services
First Web Edition
Author:
Roddy Rodstein, CISSP, MCSE, LPI, CEH, CCA
Limits of Liability and Disclaimer of Warranty
This publication contains information protected by copyright. This book may not be duplicated in any way without the express written consent of the publisher, except in the form of brief excerpts or quotations for the purpose of review. The information contained herein is for the personal use of the reader and may not be incorporated in any commercial programs, other books, databases, or any kind of software without the written consent of the publisher. Making copies of this book or any portion for any purpose other than your own is a violation of United States copyright laws.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
The information found in this document was gathered from many different sources in the computing world. It is provided for informational purposes only. Use common sense in applying these concepts and tips. Screen shots may vary from environment to environment. Please verify correctness and applicability in a test environment first and then deploy to your production environment(s).
© 2007 Roddy Rodstein
http://www.vellity.com
All rights reserved.
Trademarks
Trademarked names appear throughout this book. Rather than listing the names and entities that own the trademarks or include a trademark symbol with each mention of the trademark name, the publisher states that he is using the name for editorial purposes only and to the benefit of the trademark owner, with no intention of infringing upon that trademark.
Dedication
This book is dedicated to my mother, Marcia Haenle, who is living proof that life just keeps getting better and better.
—Roddy
About the Author
Roddy Rodstein (CISSP, MCSE, LPI, CEH, CCA) has over 10 years of professional experience in the IT industry. In his current role at Oracle, he is a member of the Unbreakable Linux and Oracle VM team. Before joining Oracle, Roddy spent six years at Citrix supporting the company's core product, XenApp. During his tenure with Citrix, he wrote and published an “in the Box” series of e-Books, including Nfuse Elite in a Box, MetaFrame Secure Access Manager in a Box, MetaFrame Presentation Server for UNIX in a Box, and Citrix SmartAccess in a Box. Earlier in his career, Roddy successfully established, owned, and operated an IT consulting business that specialized in server based computing and remote access solutions. His professional achievements also extend to writing and self-publishing industry reference guides currently available on Amazon, Securing Microsoft Terminal Services (ISBN: 061514330X) and Citrix CCA MetaFrame 1.8 for Windows Exam Cram (ISBN: 1576109453).
Acknowledgments
Thanks to all the people in my life who have been patient with me while I worked on this project. A special thanks also to Doug Brown of DABCC.COM for all of his help in making this book possible, Brad Tompkins for taking the time to read multiple revisions of the book and providing his invaluable input and to Greyson Mitchem for his support.
—Roddy
As the reader of my book, you are my most important critic. I really value your opinion and would like to understand your security challenges, what we can do better in security areas, and what areas you'd like to see me write about.
I welcome your comments! Please feel free to email me directly or visit my web site to let me know what you did or didn't like about this book as well as what I can do to make the next edition of this book better.
When you write, please be sure to include this book's title, your name, and your email address. I will carefully review your comments and get back with you as soon as possible.
Please stay tuned to http://www.seoutsourcing.com for the Securing Microsoft Terminal Services errata page, security articles, and whitepapers.
Web Site: http://www.seoutsourcing.com
Chapters at a Glance
Preface
Chapter 1: Terminal Server and Enterprise Security
Chapter 2: Terminal Server Technical Review
Chapter 3: Terminal Server and Supporting Computing Models
Chapter 4: Enterprise Architecture
Chapter 5: Enterprise Security Architecture
Chapter 6: Physical and Environmental Security
Chapter 7: Password Policy
Chapter 8: Windows Terminal Server Standards
Chapter 9: Windows Server Security Policy
Chapter 10: Terminal Server Installation Baseline
Chapter 11: Terminal Server Security Baseline
Chapter 12: Software Restriction Policy Baseline
Chapter 13: Session Directory Configuration Baseline
Chapter 14: Terminal Server Network Load Balancing Baseline
Chapter 15: Terminal Server System Auditing
Chapter 16: Log Management Policy
Chapter 17: Incident Response Policy
Chapter 18: Audit Vulnerability Scan Policy
Index
Policies at a Glance
Platform Architecture Policy
Network Architecture Policy
Data/Information Classification and Categorization Standard
Terminal Server Application Software Policy
Terminal Server Anti-Virus Software Guidelines
Change Management Policy
Risk Assessment Policy
Enterprise Security Policy
IT Server Room Security Policy
Password Policy
Windows Terminal Server Standards
Windows Server Security Policy
Terminal Server Installation Baseline
Terminal Server Security Baseline
Software Restriction Policy Baseline
Session Directory Configuration Baseline
Terminal Server Session Directory Group Policy Configuration Baseline
Terminal Server Network Load Balancing Configuration Baseline
Log Management Policy
Incident Response Policy
Audit Vulnerability Scan Policy
