|
|
Security Basics
RDP over the internet Jan 10 2012 05:22PM mariofa88 gmail com (6 replies) RE: RDP over the internet Jan 10 2012 05:47PM William Baltas (bill baltas cleanwaterteam com) (2 replies) Re: RDP over the internet Jan 10 2012 06:00PM Mike Hale (eyeronic design gmail com) (4 replies) Re: RDP over the internet Mar 14 2012 01:41PM Alex Fiuvertiz (fiuvertiz gmail com) (3 replies) Re: RDP over the internet Mar 16 2012 09:29AM Ansgar Wiechers (bugtraq planetcobalt net) (1 replies) Re: RDP over the internet Mar 17 2012 01:46PM Thugzclub (thugzclub googlemail com) (1 replies) Re: RDP over the internet Mar 17 2012 06:04PM Ansgar Wiechers (bugtraq planetcobalt net) (1 replies) RE: RDP over the internet Mar 19 2012 05:05PM Dan Lynch (DLynch placer ca gov) (1 replies) Re: RDP over the internet Mar 19 2012 06:52PM Ansgar Wiechers (bugtraq planetcobalt net) (1 replies) Re: RDP over the internet Mar 15 2012 06:43AM Mike Hale (eyeronic design gmail com) (1 replies) Re: RDP over the internet Mar 15 2012 10:12PM Thugzclub (thugzclub googlemail com) (3 replies) Re: RDP over the internet Jan 10 2012 06:46PM joseph itsec-asia com (2 replies) Re: RDP over the internet Jan 10 2012 07:29PM Ansgar Wiechers (bugtraq planetcobalt net) (1 replies) Re: RDP over the internet Jan 10 2012 10:05PM security (at) stealthnodes (dot) com [email concealed] (security stealthnodes com) Re: RDP over the internet Jan 10 2012 06:43PM Ricardo Ferreira (ricardo ferreira sotechdatacenter com br) (2 replies) |
|
Privacy Statement |
I don't think that RDP's encryption will be enough neither changing the
portnumber (portscanners etc.) A solution proposed by the others might
work using both authentication and encryption.
RDP's authentication via username and password seems to be not enough
because it can be bruteforced on bad passwords. It seems that there is
no additional "salting". If I am wrong please corect me :-)
Rgds,
Andre
> Hi,
>
> 3389 is a RDP, if attacker find open port on 3389 they can guessing is a RDP running on the host (server).
>
> Actually Win Server 2008 (equivalent) has a RDP with good encryption.
>
> But,
>
> This is not enough to securing your RDP Connections. My very best practice are just changing your RDP Port number ..
>
> ##sory for my bad english##
>
>
> Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!
>
> -----Original Message-----
> From: Mike Hale <eyeronic.design (at) gmail (dot) com [email concealed]>
> Sender: listbounce (at) securityfocus (dot) com [email concealed]
> Date: Tue, 10 Jan 2012 10:00:09
> To: William Baltas<bill.baltas (at) cleanwaterteam (dot) com [email concealed]>
> Cc: mariofa88 (at) gmail (dot) com [email concealed]<mariofa88 (at) gmail (dot) com [email concealed]>; security-basics (at) securityfocus (dot) com [email concealed]<security-basics (at) securityfocus (dot) com [email concealed]>
> Subject: Re: RDP over the internet
>
> "Don't leave port 3389 open on the Internet at all, the port is much
> too vulnerable."
>
> Explain. What unpatched vulnerabilities for RDP exist in Server 2008?
>
> Why is it more secure to provide your credentials to a third party and
> to install a third party client on your machine?
>
> On Tue, Jan 10, 2012 at 9:47 AM, William Baltas
> <bill.baltas (at) cleanwaterteam (dot) com [email concealed]> wrote:
>> Mario, Don't leave port 3389 open on the Internet at all, the port is much too vulnerable. If you need to perform remote administration, do this through a VPN tunnel or use a third party service such as gotomypc.
>>
>> Good Luck,
>> Bill
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of mariofa88 (at) gmail (dot) com [email concealed]
>> Sent: Tuesday, January 10, 2012 9:22 AM
>> To: security-basics (at) securityfocus (dot) com [email concealed]
>> Subject: RDP over the internet
>>
>> Hi all I would like to know what are your opinions of using RDP over the internet on a Windows 2008 R2 server? Are there any major known exploits or vulnerabilities? How safe is the server with having port 3389 open to the internet.
>>
>> Rgds,
>> Mario
>>
>> ------------------------------------------------------------------------
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>> ------------------------------------------------------------------------
>>
>>
>> ------------------------------------------------------------------------
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>> ------------------------------------------------------------------------
>>
>
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]