Focus on Microsoft
(prevent + detect Arp spoofing) + Securing Terminal Services May 08 2003 08:02PM
Dan Rowe (suedes098 yahoo com) (2 replies)
RE: (prevent + detect Arp spoofing) + Securing Terminal Services May 09 2003 01:42AM
Benjamin Meade (ben lanwest com au)
Re: (prevent + detect Arp spoofing) + Securing Terminal Services May 08 2003 09:29PM
Deus, Attonbitus (Thor HammerofGod com)


At 01:02 PM 5/8/2003, Dan Rowe wrote:

> I heard about the man-in-the-middle exploit that has been found for
> terminal services, and have learned that using ssl with terminal services
> can avoid this exploit, but in my case, I am unable to use ssl.

The post to BT about using SSL and the TSAC web client was actually
incorrect. Launching the ActiveX control via SSL is only secure for the
control download - once the control is instantiated in memory, it directly
connects to the tserver from the client - the SSL session no longer applies.

A good bet is certificate-based VPN or IPSec between the hosts. And you
can use IPSec to firewall off the IP/Ports to/from the addresses you want.
You might also play with the new Basic Firewall option in RRAS on Win2k3.

hth

t

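The IPSec filtering suggested in the reply above, sketched as an added example for the terminal server (not part of the original message): a local IPSec policy built with `netsh ipsec static` on Windows Server 2003 that blocks TCP 3389 from everyone except one admin workstation, which must negotiate IPSec with a certificate. The address 192.0.2.10, the policy and list names, and the CA distinguished name are constructed placeholders.

```bat
@echo off
rem Added example. Run on the terminal server (Windows Server 2003).
rem ADMIN_IP and ROOT_CA are placeholders: substitute your own values.
set ADMIN_IP=192.0.2.10
set ROOT_CA=CN=Example Internal Root CA

rem 1. Create the policy unassigned, without the default response rule.
netsh ipsec static add policy name="TS-Lockdown" description="Restrict RDP" activatedefaultrule=no assign=no

rem 2. Filter lists: all inbound RDP, and RDP from the admin workstation.
rem    The more specific filter (single source address) takes precedence.
netsh ipsec static add filterlist name="RDP-Any"
netsh ipsec static add filter filterlist="RDP-Any" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes

netsh ipsec static add filterlist name="RDP-Admin"
netsh ipsec static add filter filterlist="RDP-Admin" srcaddr=%ADMIN_IP% dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem 3. Filter actions: drop, or require negotiated IPSec with no
rem    fallback to clear text (soft=no) and no unsecured inbound (inpass=no).
netsh ipsec static add filteraction name="Drop" action=block
netsh ipsec static add filteraction name="RequireIPSec" action=negotiate inpass=no soft=no

rem 4. Rules: block RDP in general; require certificate-authenticated
rem    IPSec for the admin workstation.
netsh ipsec static add rule name="Block-RDP" policy="TS-Lockdown" filterlist="RDP-Any" filteraction="Drop"
netsh ipsec static add rule name="Admin-RDP" policy="TS-Lockdown" filterlist="RDP-Admin" filteraction="RequireIPSec" kerberos=no rootca="%ROOT_CA%"

rem 5. Assign the policy, then review what is in effect.
netsh ipsec static set policy name="TS-Lockdown" assign=yes
netsh ipsec static show policy name="TS-Lockdown" level=verbose
```

The admin workstation needs a matching policy (filter from itself to the server on TCP 3389, same negotiate action and CA) and a machine certificate issued under that CA; assign the server policy from the console first so a mistake cannot cut off your own remote session.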
