RE: Remote Desktop vs VPN on Windows 2003
From: Frank Hamersley (terabite_at_bigpond.com)
Date: 01/20/05
- Previous message: Nero, Nick: "RE: Remote Desktop vs VPN on Windows 2003"
- In reply to: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
- Next in thread: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Roger A. Grimes'" <roger@banneretcs.com>, "'Paris E. Stone'" <pstone@alhurra.com>, <security-basics@securityfocus.com>
Date: Thu, 20 Jan 2005 15:47:53 +1100
-----Original Message-----
> From: Roger A. Grimes [mailto:roger@banneretcs.com]
> Sent: Thursday, 20 January 2005 4:39 AM
> To: Paris E. Stone; security-basics@securityfocus.com
> Subject: RE: Remote Desktop vs VPN on Windows 2003
[snip]
> Again, I consult for tons of companies.
> Lots of them have SQL databases attached to the Internet.
Directly attached? If so they should expect a visit from nice calm ppl in
white suits RSN.
> We take 60 seconds to change the default SQL port for their engines.
And you never suggest they relocate the system to a safer place?
> None are being broken into by SQL password scanning worms.
> I had one client who literally left the SA password as sa for six
> months.
> They were not broken into.
How do you absolutely and positively know that to be the case? BTW, you
can't rely on the clowns that installed it to give you an opinion - they
obviously haven't a brain cell to share between them! How sure are you that
a backdoor is not embedded in their product (if they are an IT firm) or that
they are afflicted with a deep sleeper left for a rainy day?
What's to say that SQL Server was the ultimate target rather than merely
temporarily abused as a conduit to better pastures?
IMO none of the evidence you have offered is proof of the effectiveness of
your claims. Just because a system is not wobbly (either on its knees or
face down and not moving) this does not prove it is not owned!
Cheers, Frank.
-----Original Message-----
From: Paris E. Stone [mailto:pstone@alhurra.com]
Sent: Wednesday, January 19, 2005 11:07 AM
To: rgrant@nextsequence.com; Roger A. Grimes; Jeff Randall;
security-basics@securityfocus.com
Subject: RE: Remote Desktop vs VPN on Windows 2003
All those open MS ports?!?!?!
WTF?
That is just crazy!
OK, this is a honeypot, there is no way this is a real production host, no
way.
-----Original Message-----
From: Rhett Grant [mailto:rgrant@nextsequence.com]
Sent: Tuesday, January 18, 2005 6:22 PM
To: Paris E. Stone; 'Roger A. Grimes'; 'Jeff Randall';
security-basics@securityfocus.com
Subject: RE: Remote Desktop vs VPN on Windows 2003
Hi Roger,
68.106.158.136:33000 WinXP Pro
68.106.158.136:33001 Win2003 Enterprise
Here is what the rest of my scan picked up
PORT STATE SERVICE
25/tcp open smtp
110/tcp open pop-3
111/tcp filtered rpcbind
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
27374/tcp filtered subseven
33000/tcp open unknown
33001/tcp open unknown
33002/tcp filtered unknown
33003/tcp filtered unknown
If someone was looking to hack your network your security through obscurity
would not work (yes, you can get around the simple viruses which only look
for certain ports). All it means is someone has to spend 5 more
mins discovering what these open ports are. And there are so many auditing
tools out there that can automate telling me what these open ports are. I
just chose a simple port scan. Will this kind of security work??? For a
novice or script kiddies, maybe...., but not someone that has an interest in
your network, no way. Just my 2¢
I would take Paris's advice and put some real security up.
By the way, what book is it? ;)
Rhett
-----Original Message-----
From: Paris E. Stone [mailto:pstone@alhurra.com]
Sent: Tuesday, January 18, 2005 2:20 PM
To: Roger A. Grimes; Jeff Randall; security-basics@securityfocus.com
Subject: RE: Remote Desktop vs VPN on Windows 2003
And that domain (host or domain) is not protected by a firewall?
No IDS?
No IPS?
No honeypots?
My error in my original post was in not being clear, so, restated.
Security through Obscurity, by itself, is not security at all.
-----Original Message-----
From: Roger A. Grimes [mailto:roger@banneretcs.com]
Sent: Tuesday, January 18, 2005 1:53 PM
To: Paris E. Stone; Jeff Randall; security-basics@securityfocus.com
Subject: RE: Remote Desktop vs VPN on Windows 2003
Security through obscurity is a type of security, and it works...just not in
a vacuum...and not alone.
Almost all major Internet worms would have been rendered defenseless by simply
changing the port number one port up. 99.9% of hacks are automated using
worms, viruses, and malicious scripts. Almost all of them (9999.99%) only
look on the default port. Fastest worm ever..SQL Slammer...only worked on
the default SQL port. Code Red...only port 80.
Spambots look for ports 25 and 80. FTP exploits ONLY look for port 21. I
could go on and on.
Security by obscurity works, and works well. Come find my RDP port on my
domain at banneretcs.com. Prize (free book) to the first person who finds
it. Go.
Roger
***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger@banneretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
****************************************************************************
-----Original Message-----
From: Paris E. Stone [mailto:pstone@alhurra.com]
Sent: Tuesday, January 18, 2005 10:40 AM
To: Roger A. Grimes; Jeff Randall; security-basics@securityfocus.com
Subject: RE: Remote Desktop vs VPN on Windows 2003
"Security through Obscurity", i.e. put it on a different port, is not
security at all.
Rdesktop on the internet is generally a bad idea, no matter what port
it runs on.
Put a firewall in front of it if possible, if not, run a software
firewall and then add openvpn.
www.openvpn.net is free, and will allow IPSEC connectivity that you can
use to access the machine, then you get MSTSC(remote desktop) access
over the tunnel.
-----Original Message-----
From: Roger A. Grimes [mailto:roger@banneretcs.com]
Sent: Friday, January 14, 2005 5:16 PM
To: Jeff Randall; security-basics@securityfocus.com
Subject: RE: Remote Desktop vs VPN on Windows 2003
I can think of NO reason not to use Remote Desktop. Remote Desktop is
fast and secure. Everything is encrypted past the logon name. To get
additional security assurance, change the default TCP port from 3389 to
something randomly high...like 58645 (which you can do with a regedit on
the server...just google it). Then add the new port number to your
server address...like www.example.com:58645.
Roger
***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger@banneretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
****************************************************************************
-----Original Message-----
From: Jeff Randall [mailto:Jeff.Randall@ksg-llc.net]
Sent: Thursday, January 13, 2005 3:23 PM
To: security-basics@securityfocus.com
Subject: Remote Desktop vs VPN on Windows 2003
I have set up a web server running win2k3 and was curious about remotely
accessing it with an XP box. Only one requirement, it has to be FREE.
Here is what I have set up and as of now working, but I would like in the
end to only run one.
1. RRAS using PPTP. It's not a DC so I use local accounts.
2. VNC. TightVNC to be specific.
3. Remote Desktop - went into the admin tools and set the
encryption level to high.
Please no crazy setups like upgrade to DC and run IAS for Radius or
running IPSEC tunnels, just would like people's thoughts on the security
level of each of these programs and what they feel are the most secure.
If you can get specific about encryption, keys, key lengths, that would
be great. Thanks
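The thread argues about whether moving RDP off 3389 and raising the encryption level counts as security. The following is an added example, not code from any poster in the thread, that audits the settings actually in play from a defender's side on a current Windows host (Windows 8 / Server 2012 or later; the Windows 2003 box in the question has no PowerShell). It assumes the standard Terminal Server registry values (PortNumber, MinEncryptionLevel, SecurityLayer, UserAuthentication, fDenyTSConnections) and the NetSecurity cmdlets, and must run in an elevated session.

```powershell
# Added example (not from the thread): report how Remote Desktop is exposed
# on this host and flag the settings that reduce risk more than a moved port.
$tsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsRoot 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    $ts  = Get-ItemProperty -Path $tsRoot
    $win = Get-ItemProperty -Path $rdpTcp
    $port = [int]$win.PortNumber
    [pscustomobject]@{
        RdpEnabled       = ($ts.fDenyTSConnections -eq 0)
        ListeningPort    = $port
        DefaultPort      = ($port -eq 3389)
        NlaRequired      = ($win.UserAuthentication -eq 1)
        MinEncryptionLvl = $win.MinEncryptionLevel   # 1=Low 2=Client compatible 3=High 4=FIPS
        SecurityLayer    = $win.SecurityLayer        # 0=RDP 1=Negotiate 2=TLS
    }
}

function Get-RdpFirewallScope {
    # Which remote addresses may reach the inbound RDP rules? 'Any' on a host
    # that is directly attached to the Internet is the exposure Paris objects to.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = (@($addr.RemoteAddress) -join ',')
            }
        }
}

$exposure = Get-RdpExposure
$exposure | Format-List

$findings = @()
if ($exposure.RdpEnabled -and -not $exposure.NlaRequired) {
    $findings += 'NLA is off: clients reach the logon screen before authenticating; set UserAuthentication=1'
}
if ($exposure.SecurityLayer -lt 2) {
    $findings += 'SecurityLayer below 2: TLS is not enforced for the RDP transport'
}
if ($exposure.MinEncryptionLvl -lt 3) {
    $findings += 'MinEncryptionLevel below 3: set to High (3) or FIPS (4)'
}

$scopes = Get-RdpFirewallScope
$scopes | Format-Table -AutoSize
if ($scopes | Where-Object { $_.RemoteAddress -eq 'Any' }) {
    $findings += 'RDP firewall rule allows any remote address: restrict RemoteAddress to the VPN subnet or management hosts'
}

# A non-default port is reported but never counted as a control: Rhett's scan
# in the thread shows the moved ports turning up as plain "open unknown".
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No RDP exposure findings.' }
```

The port number is printed for inventory only; the warnings are driven by NLA, transport security, and firewall scope, which is the distinction the thread circles around. Pair the firewall scope check with the VPN-only approach Paris suggests: if the rule's RemoteAddress is the tunnel subnet, a scan of the public interface will not show the port open at all, whatever number it listens on.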