Security is often lacking in terminal servers because the majority of the devices were not built for use with critical industrial control systems (ICS) or other vital equipment. Therefore, experts recommend that such high-value hardware operate on a separate network, such as a virtual local area network, with a firewall between it and the corporate network.
While a VLAN would mean managing a separate network and set of credentials for administrators, the trouble would be far less than having the equipment compromised by a hacker, said Matthew Luallen, president and co-founder of CYBATI, which conducts classes in securing ICS.
"Administrative systems are high-value targets," Luallen said. "Once somebody is in, they're at admin privileges."
Sign up for CIO Asia eNewsletters.