I have a proposed setup that I would like some feedback on regarding its possible security implications.
This is the setting:
There are two LAN segments, divided by a firewall. LAN segment 1 (let's call it LAN1) has a Windows 2012 server domain with attached clients. There is therefore a DC server in that segment; this is the primary DC. LAN segment 2 (LAN2) has a RemoteApp server. The clients in LAN1 have no direct connection to the Internet but use a browser published to them via RemoteApp from LAN2. In LAN2 there is a read-only DC. The RemoteApp server is a member of the domain. The firewall between LAN1 and LAN2 only allows RDP (RemoteApp) traffic from the clients and communication between the DCs in LAN1 and LAN2.
My questions regarding security are as follows:
1. Would you consider this a safe solution in a setting that requires high security?
2. What security implications can be identified? One that I can think of, for example, is that if the server that hosts the RemoteApps in LAN2 gets infected with a trojan, it gets access to all user connections to the Internet that pass through it, but can it also capture the domain logins provided? That is, where is the authentication taking place when a client connects to a RemoteApp server: on the client in LAN1 or on the server in LAN2?
3. Is there a better (read: more secure) way to do this?
I'm very thankful for any feedback and/or constructive criticism of the above.