Re: Remote Desktop vs VPN on Windows 2003
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 01/17/05
- Previous message: Pradeep Kumar: "Re: Citrix Hardening"
- In reply to: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
- Next in thread: Michael Gale: "Re: Remote Desktop vs VPN on Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Jan 2005 18:51:51 +0100 To: security-basics@securityfocus.com
On 2005-01-14 Roger A. Grimes wrote:
> I can think of NO reason not to use Remote Desktop. Remote Desktop is
> fast and secure.
Fast: yes. But secure? AFAIK terminal services use RC4 for encryption
which is known to be weak for quite a few years now. Better set up an
SSH server and establish the RDP session through an SSH tunnel. That's
easy to setup, easy to use and secure as well.
> Everything is encrypted past the logon name. To get additional
> security assurance, change the default TCP port from 3389 to something
> randomly high...like 58645 (which you can do with a regedit on the
> server...just google it). Then add the new port number to your server
> address...like www.example.com:58645.
Switching ports is just adding obscurity, not security.
Regards
Ansgar Wiechers
-- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
- Previous message: Pradeep Kumar: "Re: Citrix Hardening"
- In reply to: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
- Next in thread: Michael Gale: "Re: Remote Desktop vs VPN on Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
