RE: Secure / Encrypt Terminal Services

From: epic (epic@surrealideas.com)
Date: 11/26/02

  • Next message: Fraser Hugh: "RE: Question: Buffer Overrun in Microsoft Data Access Components Coul d Lead to Code Execution (Q329414)" 
    From: "epic" <epic@surrealideas.com>
To: <ohnonono@hushmail.com>, <focus-ms@securityfocus.com>
Date: Tue, 26 Nov 2002 14:26:08 -0700

    There was a pretty decent paper on securityfocus about 2 months ago
    about doing this a number of ways. I will search and provide the link
    below if I find it.

    My suggestion would be to use an encrypted tunnel between client and
    server, whether this uses an app like stunnel, or a VPN providing
    encryption is up to you.

    http://online.securityfocus.com/infocus/1629

    I have used stunnel, and zebedee to do a few various services using
    encryption, and I believe zebedee to work fine for terminal services.
    You will want to read the link above.

    If you have any questions, let me know.

    -----Original Message-----
    From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com]
    Sent: Thursday, November 21, 2002 7:22 AM
    To: focus-ms@securityfocus.com
    Subject: Secure / Encrypt Terminal Services

    -----BEGIN PGP SIGNED MESSAGE-----

    Does the community have an opinion on which is the best way to do this?
    Can it be done via IP-Sec? Basically we have a machine (tripwire
    manager) that will have access to all our networks. Due to politics
    (gotta love security made insecure by politics) it must be remotely
    managed. The CIO (god bless CIO's) has decided that we will use
    terminal services. Is there a way to encrypt the traffic so it is not
    flying around the network in clear text? Would IP-Sec be the recomended
    solution?

    Suggestions or links (or gentle shoves) to the information would be
    great.

    Thanks

    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify

    wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9
    AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg=
    =2bx1
    -----END PGP SIGNATURE-----

    Get your free encrypted email at https://www.hushmail.com

    Relevant Pages

    • RE: Secure / Encrypt Terminal Services
      ... Terminal Services does have decent encryption, ... IPSec is a great solution. ... As for the encryption, I do feel somewhat safe using the built-in ... I would certainly consider additional security. ...
      (Focus-Microsoft)
    • RE: Secure / Encrypt Terminal Services
      ... if you change the ts port - the pocket pc clients ... client connection port. ... doesn't alter the ts encryption level available ... Secure / Encrypt Terminal Services ...
      (Focus-Microsoft)
    • Re: MS Terminal Services open to the world
      ... but facts, facts, and more facts would be my choice. ... You may find the terminal services [with version control, ... not to have servers / services / clients exposed ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • RE: Secure / Encrypt Terminal Services
      ... Terminal Services is a built-in service in Windows 2000 that provides ... admins with a remote desktop for managing a server. ... So, really, the main limitations are the type of encryption or its ...
      (Focus-Microsoft)
    • Re: Terminal Services
      ... >Windows 2000 Terminal Services supports three levels of encryption: ... >installing a network packet analyzer to eavesdrop on the Terminal Services ...
      (microsoft.public.win2000.security)