Focus on Microsoft
Remote connections Oct 13 2004 06:58PM Paul Aviles (paviles adjoined com) (3 replies)
Re: Remote connections Oct 13 2004 09:42PM GuidoZ (uberguidoz gmail com) (1 replies)
Re: Remote connections Oct 14 2004 03:43PM Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (2 replies)
> > Why not? I don't know of any current exploit for RDP set to high
> > encryption, and even if there were any, connections may very well be
> > shielded by encrypted tunnels.
>
> I'm not aware of any currently either, but as their track record
> proves, that's meaningless. It was more of a rhetorical question and a
> snide remark - please excuse it.
Thor@hammerofgod was working on a brute forcer for term serv/RDP
stuff. Haven't checked on it in a while, but he recommended
implementing a standard login banner to slow it down, and password
lockouts, both of which are very very good ideas in general.
I haven't fully tested tightvnc, but another appeal of RDP/TS (beyond
its speed advantage, provided you connect with 256 color as opposed to
high bit depth) is with proper audit logging set up, you can generate
the following:

10/13/2004 3:23:24 PM 683 8 Success Audit event 2 Security
USERNAMEHERE|DOMAINNAMEHERE|(0x0,0xAAAAAA)|Unknown|CLIENTPCNAMEHERE|a.b.c.d
SERVERNAMEHERE Session disconnected from winstation: User Name:
USERNAMEHERE Domain: DOMAINNAMEHERE Logon ID: (0x0,0xAAAAAA) Session
Name: Unknown Client Name: CLIENTPCNAMEHERE Client Address: a.b.c.d

10/13/2004 4:34:55 PM 682 8 Success Audit event 2 Security
USERNAMEHERE|DOMAINNAMEHERE|(0x0,0xAAAAA)|RDP-Tcp#4|CLIENTPCNAMEHERE|a.b.c.d
SERVERNAMEHERE Session reconnected to winstation: User Name:
USERNAMEHERE Domain: DOMAINNAMEHERE Logon ID: (0x0,0xAAAAA) Session
Name: RDP-Tcp#4 Client Name: CLIENTPCNAMEHERE Client Address: a.b.c.d

That is from win2k, pulled with logparser. Having full audit
functionality in the native logging facilities is nice.
That all said, vnc vs rdp vs whathaveyou - a good starting assumption
is that everything should only be accessible via the vpn, if at all.
If it should be accessible through firewall without vpn, there ought to
be a stunning reason for it.
Matt
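
An added example, not part of the original post: a Python sketch that reads 682/683 lines in the layout quoted above (wrapped fields rejoined) and separates session events whose client address lies outside the VPN range. The VPN pool 10.8.0.0/24, the function names and every value in the sample lines are assumptions made up for illustration.

```python
import ipaddress
import re
from datetime import datetime

VPN_POOL = ipaddress.ip_network("10.8.0.0/24")  # assumption: VPN address pool
EVENTS = {682: "reconnect", 683: "disconnect"}  # event IDs shown in the post
# Timestamp, event ID, then the "|"-joined strings after the "Security" column.
LINE_RE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (\d+) .*? Security (.+)$")

def parse_line(line):
    """Return a dict for a well-formed 682/683 line, otherwise None."""
    m = LINE_RE.match(line.strip())
    if not m or int(m.group(2)) not in EVENTS:
        return None
    fields = m.group(3).split("|")
    if len(fields) != 6:
        return None
    user, domain, _logon_id, session, client, addr = fields
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # e.g. a redacted or empty client address
    when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return {"when": when, "event": EVENTS[int(m.group(2))], "user": user,
            "domain": domain, "session": session, "client": client, "ip": ip}

def review(lines):
    """Split session events into (via_vpn, outside_vpn) by client address."""
    via_vpn, outside = [], []
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            (via_vpn if ev["ip"] in VPN_POOL else outside).append(ev)
    return via_vpn, outside

# Constructed sample lines (names and addresses are made up).
SAMPLE = [
    "10/13/2004 3:23:24 PM 683 8 Success Audit event 2 Security alice|CORP|(0x0,0x1A2B3C)|Unknown|ALICE-PC|10.8.0.23",
    "10/13/2004 4:34:55 PM 682 8 Success Audit event 2 Security alice|CORP|(0x0,0x1A2B3C)|RDP-Tcp#4|ALICE-PC|10.8.0.23",
    "10/13/2004 11:02:10 PM 682 8 Success Audit event 2 Security bob|CORP|(0x0,0x2B3C4D)|RDP-Tcp#7|HOME-PC|203.0.113.45",
    "10/13/2004 11:05:00 PM 528 8 Success Audit event 2 Security bob|CORP",
    "10/13/2004 11:06:00 PM 683 8 Success Audit event 2 Security bob|CORP|(0x0,0x2B3C4D)|Unknown|HOME-PC|a.b.c.d",
]

if __name__ == "__main__":
    for ev in review(SAMPLE)[1]:
        print(f'{ev["when"]} {ev["event"]} {ev["domain"]}\\{ev["user"]} '
              f'from {ev["client"]} ({ev["ip"]}) is outside {VPN_POOL}')
```
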