So, I thought if you used NLA, then RDP was AOK. Just use best practice
precautions. Is there an easy GPME fix for 2008 Server (not R2) or
Windows 2003 Server to lock down Domain joined computing devices? I
would like a link for that.

On 3/16/2012 7:24 AM, Dave Wray wrote:
>>> I remember this old conversation. New light perhaps?
> Not really.
>
> What was said then was a massive generalisation that couldn't really be
> backed up with any solid data i.e. exploitable vulns in RDP. A hark back to
> the old "You can't do that, it's insecure" days that saw CEOs treating
> Security Officers like the enemy because they got in the way of "the
> business".
>
> The new vulnerability has changed the threat landscape in terms of RDP. But
> that's what we do, we deal with an ever changing landscape. What was said
> then is still a massive generalisation, which, at the time still had no
> solid data. Today's patch doesn't make it visionary or forward looking
> (unless of course the author was sitting on a big fat zero-day..).
>
> However. We have a vuln, we have a patch. That's it. If there was a new
> patch for IIS tomorrow, would we see it being pulled from use by thousands
> of organisations? No.
>
> D
>
>
>
>
>
> ________________________________________________________________________

> Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message.
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>
>
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]