Securing a RDS-WebAccess server
Securing any server is a never-ending story where every expert could add another chapter.
RDS-WebAccess benefits from and is compatible with existing security infrastructure in a company (Active Directory, GPOs, HTTPS servers, SSL or SSL telecommunication systems, VPN, access control with or without ID cards, etc).
For customers who want to easily secure their servers, RDS-WebAccess offers a set of simple and effective ways to enforce good levels of security.
Server side security options
The AdminTool allows you to deny access to any user that is not using a RDS-WebAccess connection program generated by the administrator. In this case, any user that would attempt to open a session with any Remote Desktop client other than the RDS-WebAccess one (assuming he has the correct server address, the port number, a valid logon and a valid password) will be disconnected automatically.
The administrator can decide that only members of the Remote Desktop User group will be allowed to open a session.
The administrator can decide that a password is mandatory to open a session.
Through setting the applicable local Group Policy, the administrator can specify whether to enforce an encryption level for all data sent between the client and the remote computer during a Terminal Services session.
If the status is set to Enabled, encryption for all connections to the server is set to the level decided by the administrator. By default, encryption is set to High.
The AdminTool includes a tool that enables hiding the server disk drives to prevent users from accessing folders through My Computer or standard Windows dialog boxes. On the Sessions - Settings tab, click on "Hide Disk drives":
The tool works globally. This means that even the administrator will not have a normal access to drives after the settings have been applied. On the example below, all drivers have been selected with the "select all" button, which will check all the box corresponding to drives that will be hidden to everybody:
Comment: This functionality is powerful and does not disable the access to the disk drives. It just prevents the user to display it.
Notes: The tool flags the disks drives as hidden, but it also adds the HIDDEN property to the entire root folders and users list in Document and Settings.
If the administrator wants to see these files he must:
- Type the disk drive letter. For example: D:\
which will take you to the D: drive.
- Turn on SHOW HIDDEN FILES AND FOLDERS in the folder view properties.
The Administrator can secure the Administrator Tool access by setting a pin code which will be asked at every start, on the Advanced tab of the AdminTool, under the Product Settings:
- Since RDS-WebAccess 11.40 version, you will find a one-of-a-kind Security Add-on Tool, which you can launch on the Security tab:
Which brings 6 powerful features, documented on this page.
The Web Portal Brute-Force Attacks Defender role is described on this page.
SSL Certificates process is detail on these pages:
- HTTPS, SSL & Certificates Tutorials.
- RDS-WebAccess provides an easy-to-use tool to generate of a free and valid SSL certificate: Free and Easy-to-install SSL Certificate
- Choose your Ciphers Suites to enhance Security.