RE: Remote Desktop vs VPN on Windows 2003
From: David Gillett (gillettdavid_at_fhda.edu)
Date: 01/19/05
- Previous message: Giraldo Alonso Suárez: "RE: WinXP Login Logs"
- In reply to: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
- Next in thread: Paris E. Stone: "RE: Remote Desktop vs VPN on Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Roger A. Grimes'" <roger@banneretcs.com>, "'Paris E. Stone'" <pstone@alhurra.com>, "'Jeff Randall'" <Jeff.Randall@ksg-llc.net>, <security-basics@securityfocus.com> Date: Wed, 19 Jan 2005 10:57:22 -0800
I hardly think that inviting the world to port-scan you
(or perhaps worse) is a sensible security posture....
David Gillett
> -----Original Message-----
> From: Roger A. Grimes [mailto:roger@banneretcs.com]
> Sent: Tuesday, January 18, 2005 10:53 AM
> To: Paris E. Stone; Jeff Randall; security-basics@securityfocus.com
> Subject: RE: Remote Desktop vs VPN on Windows 2003
>
>
> Security through obscurity is a type of security, and it works...just
> not in a vacuum...and not alone.
>
> Almost all major Internet worms would have be rendered defenseless by
> simply changing the port number one port up. 99.9% of hacks are
> automated using worms, viruses, and malicious scripts. Almost of of
> them (9999.99%) only look on the default port. Fastest worm ever..SQL
> Slammer...only worked on the default SQL port. Code
> Red...only port 80.
> Spambots look for ports 25 and 80. FTP exploits ONLY look for
> port 21. I
> could go on and on.
>
> Security by obscurity works, and works well. Come find my RDP
> port on my
> domain at banneretcs.com. Prize (free book) to the first person who
> finds it. Go.
>
> Roger
>
> **************************************************************
> **********
> ***
> *Roger A. Grimes, Banneret Computer Security, Computer Security
> Consultant
> *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
> *email: roger@banneretcs.com
> *cell: 757-615-3355
> *Author of Malicious Mobile Code: Virus Protection for Windows by
> O'Reilly
> *http://www.oreilly.com/catalog/malmobcode
> *Author of Honeypots for Windows (Apress)
> *http://www.apress.com/book/bookDisplay.html?bID=281
> **************************************************************
> **********
> ****
>
>
>
> -----Original Message-----
> From: Paris E. Stone [mailto:pstone@alhurra.com]
> Sent: Tuesday, January 18, 2005 10:40 AM
> To: Roger A. Grimes; Jeff Randall; security-basics@securityfocus.com
> Subject: RE: Remote Desktop vs VPN on Windows 2003
>
> "Security through Obscurity" i.e. put it on a different port, is not
> security at all.
>
> Rdesktop on the internet, is generally a bad idea, no matter what port
> it runs on.
>
>
> Put a firewall in front of it if possible, if not, run a software
> firewall and then add openvpn.
>
> www.openvpn.net is free, and will allow IPSEC connectivity
> that you can
> use to access the machine, then you get MSTSC(remote desktop) access
> over the tunnel.
>
> -----Original Message-----
> From: Roger A. Grimes [mailto:roger@banneretcs.com]
> Sent: Friday, January 14, 2005 5:16 PM
> To: Jeff Randall; security-basics@securityfocus.com
> Subject: RE: Remote Desktop vs VPN on Windows 2003
>
> I can think of NO reason not to use Remote Desktop. Remote Desktop is
> fast and secure. Everything is encrypted past the logon name. To get
> additional security assurance, change the default TCP port
> from 3389 to
> something randomly high...like 58645 (which you can do with a
> regedit on
> the server...just google it). Then add the new port number to your
> server address...like www.example.com:58645.
>
> Roger
>
> **************************************************************
> **********
> ***
> *Roger A. Grimes, Banneret Computer Security, Computer Security
> Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4),
> CEH, CHFI
> *email: roger@banneretcs.com
> *cell: 757-615-3355
> *Author of Malicious Mobile Code: Virus Protection for Windows by
> O'Reilly *http://www.oreilly.com/catalog/malmobcode
> *Author of Honeypots for Windows (Apress)
> *http://www.apress.com/book/bookDisplay.html?bID=281
> **************************************************************
> **********
> ****
>
>
>
> -----Original Message-----
> From: Jeff Randall [mailto:Jeff.Randall@ksg-llc.net]
> Sent: Thursday, January 13, 2005 3:23 PM
> To: security-basics@securityfocus.com
> Subject: Remote Desktop vs VPN on Windows 2003
>
> I have setup a web server running win2k3 and was curious
> about remotely
> accessing it with an XP box. Only one requirement, it has to be FREE.
> =20
>
> Here is what I have setup and as of now working but I would
> like in the
> end to only run one.
>
> 1. RRAS using PPTP. It's not a DC so I use local accounts.
> 2. VNC. TiteVNC to be specific.
> 3. Remote Desktop - went into the admin tools and set the
> encryption level to high.
>
> Please no crazy setups like upgrade to DC and run IAS for Radius or
> running IPSEC tunnels, just would like peoples thoughts on
> the security
> level of each of these programs and what they feel are the
> most secure.
> If you can get specific about encryption, keys, key lengths,
> that would
> be great. Thanks
>
>
- Previous message: Giraldo Alonso Suárez: "RE: WinXP Login Logs"
- In reply to: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
- Next in thread: Paris E. Stone: "RE: Remote Desktop vs VPN on Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
