RE: Remote Desktop vs VPN on Windows 2003

From: Nero, Nick (Nick.Nero_at_disney.com)
Date: 01/19/05

    Date: Wed, 19 Jan 2005 16:01:59 -0500
    To: <security-basics@securityfocus.com>
    
    

     Unfortunately the phrase "weak encryption algorithm" is only slightly
    less subjective than the terms, "too much money". For what purpose?
    The default on 2000 and XP is 128bit RC4 which does seem dated but this
    is a pretty popular algorithm for symmetric encryption. Sure we could
    all use key pairs to encrypt everything to have "strong encryption" but
    the cost in performance for the amount of security it provides isn't
    worth it for the large majority of applications.

    Furthermore in Windows 2003 you have the option of FIPS 140-1/FIPS 140-2
    compliant algorithms for encrypting RDP sessions. This can even be set
    via a GPO to your entire environment. Doesn't get much easier than
    that. Is it secure enough to transfer missile launch codes? I probably
    wouldn't. Is it good enough to secure a user remotely accessing their
    desktops - you betcha. Also, bear in mind these encryption keys are per
    session so once you find one it isn't as easy as just listening to all
    the new sessions.

    At the same time 128bit SSL isn't as secure as 1024bit but it is secure
    enough for the overwhelming majority of uses. And SSH has had lots of
    holes in the past 2 years. Bashing RDP is just baseless MS bashing
    without concern for the facts.

    -----Original Message-----
    On Behalf Of Ansgar -59cobalt- Wiechers
    Sent: Wednesday, January 19, 2005 2:52 PM
    To: security-basics@securityfocus.com
    Subject: Re: Remote Desktop vs VPN on Windows 2003

    On 2005-01-19 Roger A. Grimes wrote:
    > On 2005-01-19 Ansgar -59cobalt- Wiechers wrote:
    >> On 2005-01-18 Roger A. Grimes wrote:
    >>> but if the Windows tool can do the same or better job, why not use
    >>> the free tools in the system?
    >>
    >> Because it can't.
    >
    > SSH multiple hacks...RDP one in 2002. How is RDP the worse tool? I
    > keep waiting for facts?

    *sigh*

    Like I already said: because its encryption algorithm is weak. Thus it
    simply cannot do a better job than tools which provide strong encryption
    (like SSH or VPNs). Period.

    Regards
    Ansgar Wiechers

    --
    "Those who would give up liberty for a little temporary safety deserve
    neither liberty nor safety, and will lose both."
    --Benjamin Franklin
    
