Can I use Windows 2000 Server Terminal Services to manage an IIS server on a different floor? If so, what are the benefits and potential security risks?

Terminal Services provides a secure way to manage a Web server remotely. Using Terminal Services offers these benefits:

  • You can use strong encryption.
  • Terminal Services can take the place of several other services (e.g., the Administrative Web Site) because you can work on the Web server remotely.
  • Password hashes aren't vulnerable to sniffing because Terminal Services uses built-in Win2K authentication that's sent over the encrypted Terminal Services session.

However, the presence of any new service increases a Web server's exposure to brute-force, Denial of Service (DoS), and other attacks. If you have strong passwords and keep up with hotfixes, you'll reduce your security risks somewhat. Here are some other disadvantages of using Terminal Services:

  • If someone obtains a password, having a terminal on which to log on greatly simplifies an attack.
  • Terminal Services doesn't have a good logging mechanism, other than event logs.
  • Running Terminal Services on an obscure port is difficult.
  • Terminal Services doesn't offer a way to limit access by IP address.
  • Terminal Services is based on a relatively new protocol that hasn't undergone much scrutiny.

If you use Terminal Services, you should use packet filtering and logging mechanisms, such as Secure Shell (SSH), TCP wrappers, firewalls, and VPNs. I prefer to run an SSH daemon on an obscure port, which I can access only from a limited number of IP addresses. I use SSH-2 port mapping to tunnel Terminal Services through the connection. My SSH daemon provides a logging mechanism, and my firewall provides access control as well as logging. I prefer the SSH method because it gives me command access if Terminal Services isn't letting me log on and it lets me tunnel multiple services (such as FTP) over the same session. (Thanks to reader Mark Burnett for providing this answer.)