RE: Windows Remote Desktop

From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 01/15/04

    Date: Thu, 15 Jan 2004 13:29:26 -0500
    To: Shawn Jackson <sjackson@horizonusa.com>, jamesworld@intelligencia.com
    
    

    Two statements I don't agree with:

    1) "Additionally no actual 'data' is transferred through the RDP
    connection, it's just interface information (mouse movement, button
    clicks, typing) and screen refreshes. Now if you were using the resource
    mapping then data would traverse the RDP connection and would be subject
    to its encryption."
            Data is sent over the wire concerning keystrokes, mouse
    movements and screen refresh data. Obviously this information,
    particularly keystrokes, can provide data to a hacker. However, all
    information sent via RDP is encrypted; the default is 56-bit, with the
    capacity to use 128-bit RC4. Even when using local resources, the data
    is still encrypted with 128-bit security.

    2) "All in all I think that PCAnywhere and Citrix have
    more secure RDP/VNC like interfaces"
            The default security setting in Citrix is basic (no encryption).
    PCAnywhere may be better, I'm not sure. Both Citrix and RDP are
    vulnerable to MiM attacks. Citrix does have the capability to use SSL,
    but this is comparable to Microsoft's VPN solution.

    Denny

    -----Original Message-----
    From: Shawn Jackson [mailto:sjackson@horizonusa.com]
    Sent: Wednesday, January 14, 2004 6:36 PM
    To: jamesworld@intelligencia.com
    Cc: Michael Gale; security-basics@securityfocus.com
    Subject: RE: Windows Remote Desktop

            Well, transferring data outside a company is easier than pie
    these days. With everything from encrypted email to USB drives it's hard
    to use that as a sole point to 'ban' RDP to offsite resources. Unless
    you're running at high level security, i.e. Military, Extremely Sensitive
    Work, National Security, the movement of data offsite would be a
    secondary concern.

            The RDP encryption is 'in transit' protection and won't protect
    the resources. I personally never use the clipboard sharing,
    drive/printer mapping, etc. Access to those resources should be dictated
    by the company security policy and doesn't follow the 'security' of the
    protocol/connection. Seeing the connection is one-way (From Workstation
    or RDP Host) it's hard to open a hole/exploit through an infected RDP host
    and use the RDP interface to your advantage.

            Additionally no actual 'data' is transferred through the RDP
    connection, it's just interface information (mouse movement, button
    clicks, typing) and screen refreshes. Now if you were using the resource
    mapping then data would traverse the RDP connection and would be subject
    to its encryption. All in all I think that PCAnywhere and Citrix have
    more secure RDP/VNC like interfaces but RDP is pretty secure by itself.
    Just as James stated, watch the local resource mapping.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
                 (800) 325-1199 x338

    -----Original Message-----
    From: jamesworld@intelligencia.com [mailto:jamesworld@intelligencia.com]
    Sent: Wednesday, January 14, 2004 3:03 PM
    To: Shawn Jackson
    Cc: Michael Gale; security-basics@securityfocus.com
    Subject: RE: Windows Remote Desktop

    Ahh,

    but what about the option to connect local resources......

    Drives
    Printers
    Serial Ports
    Smart Cards

    ....

    Talk about the ability to transfer company data out... What is protecting
    the actual data, MS RDP encryption which defaults to "medium" security by
    default.

    Again it comes back to.......What is the company policy? If it doesn't
    cover it, the policy needs to be updated.

    -James

    At 12:14 01/14/2004, Shawn Jackson wrote:

    > Eh' for 'Testing' I use a remote SSH server off my backbone. I
    >do 'periodically' login to my remote XP workstation and do some work.
    >Because only screen information is transmitted even if that system was
    >hacked or infected with a virus it won't affect my network at work. My
    >XP system doesn't sit directly on the Internet though; it goes through
    >a Debian box running iptables.
    >
    >Shawn Jackson
    >Systems Administrator
    >Horizon USA
    >1190 Trademark Dr #107
    >Reno NV 89521
    >www.horizonusa.com
    >
    >Email: sjackson@horizonusa.com
    >Phone: (775) 858-2338
    > (800) 325-1199 x338
    >
    >-----Original Message-----
    >From: Michael Gale [mailto:michael@bluesuperman.com]
    >Sent: Tuesday, January 13, 2004 8:35 PM
    >To: security-basics@securityfocus.com
    >Subject: Windows Remote Desktop
    >
    >Hello,
    >
    > I have a question, I have locked down a company network allowing only
    >web browsing, SSH and FTP. Nothing else is needed and soon SSH and FTP
    >will be gone hopefully once the VPN is final.
    >
    >Right now an internal user is complaining about the fact their remote
    >desktop connection to their home PC is no longer working.
    >
    >The justification is that a remote PC outside the network is needed for
    >testing. At which point I gladly offered to set up an outside box for
    >testing. :)
    >
    >Anyway, the question I have is, do you feel that Remote Desktop (into
    >WinXP) is a secure enough connection to allow it. I mind you that this
    >is supposed to be an outbound connection only but you never know with
    >windows.
    >
    >
    >--
    >Hand over the Slackware CD's and back AWAY from the computer, your geek
    >rights have been revoked !!!
    >
    >Michael Gale
    >Slackware user :)
    >Bluesuperman.com
    >
    >--------------------------------------------------------------------------
    >Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    >course! All of our class sizes are guaranteed to be 10 students or less.
    >
    >We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    >and many other technical hands on courses.
    >Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    >any course!
    >---------------------------------------------------------------------------
    

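The local resource mapping discussed in this thread (drives, printers, serial ports, smart cards, clipboard) is recorded in a saved .rdp connection file as `name:type:value` lines. The following is an added example, not code from any of the posters: a small auditor that reports which resources a connection file maps and which it leaves unset. The sample file content and host name are constructed; the setting names are standard .rdp file settings.

```python
# Added example: audit a saved .rdp file for local resource mapping.
# SAMPLE_RDP is constructed for illustration (hypothetical host name).
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:home-pc.example.net
redirectdrives:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
"""

# .rdp setting name -> resource label used in the thread
RESOURCES = {
    "redirectdrives": "Drives",
    "redirectprinters": "Printers",
    "redirectcomports": "Serial Ports",
    "redirectsmartcards": "Smart Cards",
    "redirectclipboard": "Clipboard",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; type 'i' values become int."""
    settings = {}
    for raw in text.splitlines():
        # Split at most twice: string values may themselves contain ':'.
        parts = raw.strip().lstrip("\ufeff").split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].strip().lower(), parts[1].strip().lower(), parts[2]
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name] = value
    return settings

def audit(text):
    """Return resources explicitly mapped, and those left to the client default."""
    s = parse_rdp(text)
    mapped, unset = [], []
    for key, label in RESOURCES.items():
        # Newer clients list drives in 'drivestoredirect' instead of a 0/1 flag.
        if key == "redirectdrives" and str(s.get("drivestoredirect", "")).strip():
            mapped.append(label)
        elif key not in s:
            unset.append(label)  # not in the file: the client's default applies
        elif s[key] == 1:
            mapped.append(label)
    return {"mapped": mapped, "unset": unset}
```

Saved .rdp files are often UTF-16 encoded, so decode the file accordingly before passing its text to `audit`.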