Rdp over sslApr 05 2012 11:21PM Robert Smith (robert smith2929 gmail com) (1 replies)
Re: Rdp over sslApr 10 2012 03:11AM Stephanus J Alex Taidri (securityfocus ae taidri com) (1 replies)
Hi Robert,
The problem with self-signed-certificate is you really need to educate
the users and ensure they always check for the certificate issuer,
expiry, other parameters, etc before accepting the sessions.
As we know... most users don't bother and just click Accept.
That's mean, if the hijacker using MITM attack able to intercept your
traffic (which is easy if this is traverse the internet) and present
their own self-signed-certificate, most users do not aware and will
still Accept the connection, thus being hijacked.
Therefore it's imperative to implement a valid certificate either for
public CA or private CA as long as the chain can be validate back and
user's browser able to validate the authenticity of the certificate.
Kind regards,
SJ Alex Taidri
On Fri, Apr 6, 2012 at 7:21 AM, Robert Smith <robert.smith2929 (at) gmail (dot) com [email concealed]> wrote:
> Hello all,
>
> I would like to know what are all security risk if i set rdp over ssl with a selfsigned certificat .
>
> One example, is it possible that the certificate become corrupted ? What are the impacts ? DoEs exists some recovery solution ?
>
> Man in the middle , is it yet possible ?
>
> My principal problem is to deploy a certificate signed by our ca on all our servers ?
>
> À certificate with * character resolve my problem ?
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
The problem with self-signed-certificate is you really need to educate
the users and ensure they always check for the certificate issuer,
expiry, other parameters, etc before accepting the sessions.
As we know... most users don't bother and just click Accept.
That's mean, if the hijacker using MITM attack able to intercept your
traffic (which is easy if this is traverse the internet) and present
their own self-signed-certificate, most users do not aware and will
still Accept the connection, thus being hijacked.
Therefore it's imperative to implement a valid certificate either for
public CA or private CA as long as the chain can be validate back and
user's browser able to validate the authenticity of the certificate.
Kind regards,
SJ Alex Taidri
On Fri, Apr 6, 2012 at 7:21 AM, Robert Smith <robert.smith2929 (at) gmail (dot) com [email concealed]> wrote:
> Hello all,
>
> I would like to know what are all security risk if i set rdp over ssl with a selfsigned certificat .
>
> One example, is it possible that the certificate become corrupted ? What are the impacts ? DoEs exists some recovery solution ?
>
> Man in the middle , is it yet possible ?
>
> My principal problem is to deploy a certificate signed by our ca on all our servers ?
>
> À certificate with * character resolve my problem ?
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]