Terminal Services Gateway

Version : Microsoft Windows Server 2008 and later

Windows Server 2008 Terminal Services Gateway (TS Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be terminal servers, terminal servers running RemoteApp programs, or computers with Remote Desktop enabled.

Netsurion Open XDR platform gathers and examines acquired logs to identify terminal server configurations, terminal server connections, terminal server desktop host activity. It generates reports for terminal services user session connected, user session disconnected, user authentication success, user authentication failed, and network traffic activity. It displays authentication success and failed with username’s, user session connected, and network traffic by systems. It alerts the users when terminal services gateway is shutting down and user authentication fails.

Netsurion Data Source Integrations for Terminal Services Gateway allows you to monitor the following components:

  • Security – User session connected and disconnected to network resources, and user authentication failed
  • Operations – User authentication success
  • Compliance – Network traffic inbound and outbound

Once Terminal Services Gateway is configured to deliver events to Netsurion Open XDR alerts, dashboards, and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Terminal Service Gateway – User authentication failed This alert will trigger whenever user tries to authenticate but fails.
Security Terminal Service Gateqay – Gateway service shutdown This alert will trigger whenever RD gateyway service is shutting down.

Reports

Type Name Description
Security Terminal Services Gateway – Network resource connected or disconnected This report provides information related to session connected and disconnected to network resources, username, network resource name, IP address, data transferred, data downloaded, etc.
Security Terminal Services Gateway – Authentication failed This report provides information related to authentication failure for a user, reason for failure, device name, username, and IP address.
Operations Terminal Services Gateway – Authentication success This report provides information related to authentication success for a user, IP address, username, etc.
Compliance Terminal Services Gateway – Network traffic detail This report provides information related network inbound and outbound traffic, IP address, username, etc.

Documentation:

The configuration details are consistent with Netsurion Open XDR 9.2 and later, and Microsoft Windows Server 2008 and later.

Download Integration Guide and How-to Guide for configuration instructions and more information.