Re: MS Terminal Services open to the world

From: Deus, Attonbitus (Thor@HammerofGod.com)
Date: 01/10/03

Next message: aladin168: "Change MAC Address"

Previous message: Martin Eiszner: "Re: PerlModule Apache::AuthDBI"
Maybe in reply to: Ralph Los: "MS Terminal Services open to the world"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 10 Jan 2003 09:36:30 -0800
To: "Ralph Los" <RLos@enteredge.com>, "'Pen-test@securityfocus.com'" <Pen-test@securityfocus.com>
From: "Deus, Attonbitus" <Thor@HammerofGod.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 07:09 AM 1/10/2003, Ralph Los wrote:
>Hello all,
>
> I've got a pretty good client of mine who absolutely refuses to heed
>my warnings about keeping Terminal Services open to the world. They rely on
>Windows passwords and figure that's strong enough for all their servers
>(management). Now I'm given the task of auditing their
>security/infrastructure and would like to come up some creative ways to back
>up my point about MS TS open to the Internet being a bad idea.
>
>Any thoughts or input is appreciated.

Just like anything else, if configured poorly, they can get nailed-

However, if they set the encryption level to High, they'll get a 128 bit
encrypted session... Of course they should rename the administrator
account and use strong passwords to thwart BF attacks, and changing the
default listening port from 3389 to something else helps as well. If
possible, the firewall/router should include approved external IP ranges
that can hit that port, but you obviously can't always to that. Logon
banners can help too...

If they take a few simple measures to secure it, terminal services can
provide a great remote management tool while minimizing the security issues
associated with it...

hth

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPh8EnohsmyD15h5gEQL+FgCeKADeiaeakhhgcMb6kXsNls1ZfXQAoPcv
E0EoKmBGgsoQSI0AepeiPAVd
=7peA
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: aladin168: "Change MAC Address"
Previous message: Martin Eiszner: "Re: PerlModule Apache::AuthDBI"
Maybe in reply to: Ralph Los: "MS Terminal Services open to the world"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: (prevent + detect Arp spoofing) + Securing Terminal Services
... (prevent + detect Arp spoofing) + Securing Terminal Services ... prospectus based upon the core principle concepts of security. ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ...
(Focus-Microsoft)
Re: Terminal Services Auditing?
... Subject: Terminal Services Auditing? ... Better Management for Network Security ...
(Focus-Microsoft)
Windows 2000 Security Roll-up and Terminal Services
... I recently installed the Windows 2000 Security Roll-up on several servers ... and had some troubles with Terminal Services afterwards. ... On another server, terminal services ...
(NT-Bugtraq)
Re: Windows Server 2008 TS Error.
... I use any other method to achieve the same.It is security breach and any ... Microsoft MVP - Terminal Services ... How can i prevent users from accessing drives of WIN2K8 server.?? ... members of the Remote Desktop Users group have this ...
(microsoft.public.windows.terminal_services)
RE: Terminal Services Auditing?
... displaying them in 'Terminal Services Manager' snap-in. ... Better Management for Network Security ...
(Focus-Microsoft)