RE: Secure / Encrypt Terminal Services

From: disciple (marcus@nwnc.net)
Date: 11/26/02

  • Next message: Ingersoll, Jared: "RE: Exchange in the DMZ" 
    From: "disciple" <marcus@nwnc.net>
To: <ohnonono@hushmail.com>, <focus-ms@securityfocus.com>
Date: Mon, 25 Nov 2002 22:26:46 -0600

    Terminal Services has its own encryption capabilities (40 and 128 bit RC4 -
    the same stuff as WEP which has already been cracked). You'll want to
    install the patch available in Q article Q324380, and read the associated
    bulletin to make sure you're comfortable with it.

    In addition, there is a method for conducting terminal services sessions
    over SSH. The NSA has a "Guide to Securing Microsoft Windows 2000 Terminal
    Services" in pdf format on their site as well, but there is limited info on
    the encryption settings. The just recommend HIGH. If you're interested in
    the SSH option, drop me a note. I have a 1MB doc that discusses how to do
    it.

    m..

    -----Original Message-----
    From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com]
    Sent: Thursday, November 21, 2002 8:22 AM
    To: focus-ms@securityfocus.com
    Subject: Secure / Encrypt Terminal Services

    -----BEGIN PGP SIGNED MESSAGE-----

    Does the community have an opinion on which is the best way to do this? Can
    it be done via IP-Sec? Basically we have a machine (tripwire manager) that
    will have access to all our networks. Due to politics (gotta love security
    made insecure by politics) it must be remotely managed. The CIO (god bless
    CIO's) has decided that we will use terminal services. Is there a way to
    encrypt the traffic so it is not flying around the network in clear text?
    Would IP-Sec be the recomended solution?

    Suggestions or links (or gentle shoves) to the information would be great.

    Thanks

    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify

    wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9
    AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg=
    =2bx1
    -----END PGP SIGNATURE-----

    Get your free encrypted email at https://www.hushmail.com

    Relevant Pages

    • Re: Secure / Encrypt Terminal Services
      ... Secure / Encrypt Terminal Services ... Basically we have a machine (tripwire manager) ... that will have access to all our networks. ...
      (Focus-Microsoft)
    • RE: Secure / Encrypt Terminal Services
      ... Secure / Encrypt Terminal Services ... manager) that will have access to all our networks. ... (gotta love security made insecure by politics) ...
      (Focus-Microsoft)
    • RE: Secure / Encrypt Terminal Services
      ... Why not use the poor man's VPN and tunnel your terminal services sessions ... or use your favorite GUI-based SSH client and set up the forwarding...if ... will have access to all our networks. ... made insecure by politics) it must be remotely managed. ...
      (Focus-Microsoft)
    • RE: Secure / Encrypt Terminal Services
      ... I do this regularly using an SSH tunnel. ... to a file and edit the port you connect on. ... Secure / Encrypt Terminal Services ...
      (Focus-Microsoft)
    • RE: Secure / Encrypt Terminal Services
      ... >Has anyone implemented a layer of security before the RDP connection? ... >firewall, inside the firewall before the terminal server, or within the ... >By default Terminal Services does encrypt the session. ...
      (Focus-Microsoft)