I agree, that port 3389 has seen a dramatic increase in attacks.

In addition, TS/RDP services running on a server are subject to a Man in the Middle attack because by default, Windows fails to provide secure authentication. We are often led to believe that the encrytion alone is enough, but that does not provide sufficient security with either the old or new version of RDP client that ships with most versions of windows.

This can be solved by installing a valid certificate on the server and workstations, then configuring TS to require mandatory authentication.

see Microsoft KB895433 for details.

Dimitrios Hilton
CISSP

________________________________________
From: listbounce (at) securityfocus (dot) com [email concealed] [listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Mike Hale [eyeronic.design (at) gmail (dot) com [email concealed]]
Sent: Tuesday, January 10, 2012 12:00 PM
To: William Baltas
Cc: mariofa88 (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: RDP over the internet

"Don't leave port 3389 open on the Internet at all, the port is much
too vulnerable."

Explain. What unpatched vulnerabilities for RDP exist in Server 2008?

Why is it more secure to provide your credentials to a third party and
to install a third party client on your machine?

On Tue, Jan 10, 2012 at 9:47 AM, William Baltas
<bill.baltas (at) cleanwaterteam (dot) com [email concealed]> wrote:
> Mario, Don't leave port 3389 open on the Internet at all, the port is much too vulnerable. If you need to perform remote administration, do this through a VPN tunnel or use a third party service such as gotomypc.
>
> Good Luck,
> Bill
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of mariofa88 (at) gmail (dot) com [email concealed]
> Sent: Tuesday, January 10, 2012 9:22 AM
> To: security-basics (at) securityfocus (dot) com [email concealed]
> Subject: RDP over the internet
>
> Hi all I would like to know what are your opinions of using RDP over the internet on a Windows 2008 R2 server? Are there any major known exploits or vulnerabilities? How safe is the server with having port 3389 open to the internet.
>
> Rgds,
> Mario
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]