We're currently using a means of remote access to our network that is dangerously insecure, I'm afraid. I could definitely use some advice on how to resolve this.

Presently, we have two Windows 2000 terminal servers on our network. Every user can log into these terminal servers remotely via a terminal services connection through the Internet. All that's needed is the IP address of the terminal server and the user name and password.

From what I've been told, someone could intercept data moving between the remote user and the terminal server.

One solution that has been suggested is that we set up a VPN so that the WAN connection to the terminal server is tunneled and thus the data, even if interecepted, would be unintelligible.

That being the case, could you guys recommend either
(1) What you think the best VPN solution might be for these remotely accessed terminal servers, or
(2) What other solutions might be better than a VPN.

Thanks!