Chapter 12: Security

Overview

A major part of any computing environment is security. We've not dwelled much on security in the preceding chapters due to the fact that when you focus on the security of your Terminal Server environment, you must do it from end-to-end. You can't just "do a little security here, and a little there." There would be no benefit to talking about security of profiles in the user profile chapter because even if you did everything profile-related to tighten security you might have overlooked a major security hole somewhere else.

To prevent this, we'll analyze the security elements of a complete Terminal Server system in this chapter. We will systematically analyze every Terminal Server component, taking note of what the potential security risks are and what to do to minimize each of them.

Let's begin by reviewing the components that make up a Terminal Server system. We can represent the individual components as layers in the complete Terminal Server system, as shown in Figure 12.1. (These layers like the OSI model applied to a Terminal Server.)

Figure 12.1: Terminal Server layers

This chapter focuses primarily on the security of the Terminal Server components. It is not meant to be an end-to-end security manual. Your Terminal Server environment is only as secure as its weakest component, and often human elements are involved for which no technical manual can prepare you.