RE: Secure / Encrypt Terminal Services

From: Kent Hundley (kent.hundley@prodigy.net)
Date: 11/27/02

  • Next message: Anders Thulin: "Odd entries in Win XP Pro Certificate MMC snap-in"
    Date: Wed, 27 Nov 2002 09:34:02 -0800
    To: TSimons@Delphi-Tech.com, focus-ms@securityfocus.com
    From: Kent Hundley <kent.hundley@prodigy.net>
    
    

    You can also check into CIPE: http://sites.inka.de/sites/bigred/devel/cipe.html

    I've used it on Windows 2000 before and it works great, although it would
    be cumbersome to manage the keys if you have many different hosts.

    HTH,
    Kent

    At 11:20 AM 11/26/2002 -0500, TSimons@Delphi-Tech.com wrote:
    >Has anyone implemented a layer of security before the RDP connection? I've
    >hear ZeeBeDee thrown around, ect.
    >
    >It needs to be invisible to the enduser, and sit either outside the
    >firewall, inside the firewall before the terminal server, or within the
    >firewall.
    >
    > \\
    >InternetUser---||---[TS Login Screen]
    > //
    >
    >~Todd
    >
    >-----Original Message-----
    >From: Adrian.Mink@pinnaclewest.com [mailto:Adrian.Mink@pinnaclewest.com]
    >Sent: Tuesday, November 26, 2002 11:15 AM
    >To: TSimons@Delphi-Tech.com; ohnonono@hushmail.com
    >Cc: focus-ms@securityfocus.com
    >Subject: RE: Secure / Encrypt Terminal Services
    >
    >
    >By default Terminal Services does encrypt the session. Go to Terminal
    >Services Configuration -> RDP-Tcp Properties -> General. You can set the
    >encryption level there. Note that there is no way to turn encryption off,
    >just to set Low, Medium and High.
    >
    >Adrian
    >
    >-----Original Message-----
    >From: TSimons@Delphi-Tech.com [mailto:TSimons@Delphi-Tech.com]
    >Sent: Monday, November 25, 2002 8:42 PM
    >To: ohnonono@hushmail.com
    >Cc: focus-ms@securityfocus.com
    >Subject: RE: Secure / Encrypt Terminal Services
    >
    >
    >We're looking for the same thing, I'll be watching posts, initial finds are:
    >
    >Check out www.jsiinc.com
    >http://www.jsiinc.com/subk/tip5000/rh5017.htm
    >http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315055
    >
    >We're looking for solutions on how to add another layer of security without
    >inhibiting functionality, maybe something at the firewall level
    >
    >-----Original Message-----
    >From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com]
    >Sent: Thursday, November 21, 2002 9:22 AM
    >To: focus-ms@securityfocus.com
    >Subject: Secure / Encrypt Terminal Services
    >
    >
    >
    >-----BEGIN PGP SIGNED MESSAGE-----
    >
    >Does the community have an opinion on which is the best way to do this? Can
    >it be done via IP-Sec? Basically we have a machine (tripwire manager) that
    >will have access to all our networks. Due to politics (gotta love security
    >made insecure by politics) it must be remotely managed. The CIO (god bless
    >CIO's) has decided that we will use terminal services. Is there a way to
    >encrypt the traffic so it is not flying around the network in clear text?
    >Would IP-Sec be the recomended solution?
    >
    >Suggestions or links (or gentle shoves) to the information would be great.
    >
    >Thanks
    >
    >
    >-----BEGIN PGP SIGNATURE-----
    >Version: Hush 2.2 (Java)
    >Note: This signature can be verified at https://www.hushtools.com/verify
    >
    >wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9
    >AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg=
    >=2bx1
    >-----END PGP SIGNATURE-----
    >
    >
    >
    >
    >Get your free encrypted email at https://www.hushmail.com