Re: How is dangerous connect to server over internet with remote d
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Sun, 23 Jul 2006 10:24:19 +0200
Hi,
I found reference to this here:
http://download.microsoft.com/download/6/0/b/60b4f2fc-d5e3-43d3-82c5-a5ba508a9ca2/SEC312.ppt
and it states that this issue was address and resolved (slide #35). I am
don't know what was left unaddressed.
I hope this helps,
--
Mike
Microsoft MVP - Windows Security
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uaAfKHfrGHA.4684@xxxxxxxxxxxxxxxxxxxxxxx
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:OmGj51brGHA.3412@xxxxxxxxxxxxxxxxxxxxxxx
Hi Roger,
if I am not mistaken MITM problem was solved when Windows Server 2003 SP1
was released. It allows you to install TLS certificate which will prevent
MITM attacks.
http://support.microsoft.com/?id=895433
--
Mike
Microsoft MVP - Windows Security
The links referenced if I read them correctly claim the changes with
XP SP2 / W2k3 SP1 / W2k3 R2 release addressed some but not
all issues.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uZXk3WbrGHA.3568@xxxxxxxxxxxxxxxxxxxxxxx
There is or was also a man in the middle vulnerability, at least if it
has not
yet been fixed (and I have not noticed MS mentioning this). The XP SP2
era changes raised the bar on this but did not eliminate all
possibilities.
Note however that a man in the middle attack is not the most simple
thing to accomplish, depending on network topologies, so the poster
should probably not be too concerned if their server is not a high
profile site and they can trust their provider/collocation.
ref:
www.oxid.it/downloads/rdp-gbu.pdf
www.networksecurityarchive.org/html/Exploits-HackingTools/2005-06/msg00002.html
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:uZPeoVNrGHA.4864@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I did a search and I found one DoS vulnerability from the past:
Microsoft Security Advisory (904797)
Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of
Service
http://www.microsoft.com/technet/security/advisory/904797.mspx
--
Mike
Microsoft MVP - Windows Security
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:ehewxSNrGHA.2464@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I can't recall any critical vulnerabilities in the past in Terminal
Services. I consider it a very good solution for remote access and
administration even without IP filtering. As mentioned the only
concern is how strong and protected your passwords are.
--
Mike
Microsoft MVP - Windows Security
"Massimo" <Massimo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AC61C683-818C-4FEF-A912-73767BB69894@xxxxxxxxxxxxxxxx
Thank'you very much for you answer. I want know if there are in the
past..
bug or vulenability in the terminal service (remote desktop). If i
use
encryption and if i connect to server with the same ip ( i configure
firewall
to accept only my remote fixed ip for 3389 port) can i consider this
solution
a good solution for manage the server?
"Miha Pihler [MVP]" wrote:
Hi,
There are few things you can do to make these connections (more)
secure:
- On the server set the encryption to high
- On Windows Server 2003 with SP1 installed on it you can use
certificates
to prevent MITM (Man In The Middle) attacks.
Now the only thing that I usually worry about when considering RDP
are key
loggers that might be installed on a computer from which you are
trying to
connect to your server (e.g. if you are trying to connect to your
server
from cyber café). Still this is not only the problem with RDP
connection but
with any remote connection using static username and password.
So if you decide for this option pay attention to username and
password (use
strong username and password and change passwords frequently). Don't
use
domain administrator account for connection - use ordinary user
account.
Whenever possible this user account should not even be local
administrator
on the server. Once you are connected to the server you can raise
your
permissions using another RDP to the server or options such as "run
as" etc.
Another thing to consider is to limit IP address from which you can
connect
to your server over RDP (e.g. limit it to your home IP address
only).
--
Mike
Microsoft MVP - Windows Security
"Massimo" <Massimo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E85C1B9-1460-4EF8-8EFC-7FF4FD983C45@xxxxxxxxxxxxxxxx
I have installed windows server 2003 enterprise edition. I have to
manage
my
server from remote site. A solution with remote desktop only is
very
dangerous? Terminal service of windows server 2003 with encryption
is not
secure?
Thank's
.
- References:
- Re: How is dangerous connect to server over internet with remote deskt
- From: Miha Pihler [MVP]
- Re: How is dangerous connect to server over internet with remote d
- From: Miha Pihler [MVP]
- Re: How is dangerous connect to server over internet with remote d
- From: Miha Pihler [MVP]
- Re: How is dangerous connect to server over internet with remote d
- From: Roger Abell [MVP]
- Re: How is dangerous connect to server over internet with remote d
- From: Miha Pihler [MVP]
- Re: How is dangerous connect to server over internet with remote d
- From: Roger Abell [MVP]
- Re: How is dangerous connect to server over internet with remote deskt
- Prev by Date: Re: Security Center
- Next by Date: Re: Windows Vista still Rife with Insecure Code
- Previous by thread: Re: How is dangerous connect to server over internet with remote d
- Next by thread: Re: How is dangerous connect to server over internet with remote d
- Index(es):
Relevant Pages
|
