Re: standalone CA customized certificate



Due to custom software, I will not be able to help you
at all with your management server. That is entirely in
your court... More inline.

In article <840D7B7C-33FD-4A07-96BD-3B92DF678CC2@microsoft.com>,
Sunil@xxxxxxxxxxxxxxxxxxxxxxxxx says...

Brain,

Thanks for your comments.

Please find the replies and some questions.

Who wrote the management server? This is the key to
whether your application would work. I know of no
management server software that does what you want with
certs today.

1. The Mgmt Server is self-developed; apart from this authentication it does
many more things.

This is not the way VPC would work. You would only be
connecting to the VPC agent using the RDP port? If you
are using this, the only attribute of the certificate
that is looked at is the EKU attribute and it must have
the Client Authentication OID. In addition, the RDP
client is hard coded to *only* look for smart card-based
client authentication certs, definitely not machine
certs....

2. VPC Agent is some kind of firewall. The only way to connect from thin
terminals is using RDP. By default VPC Agent keeps the RDP port closed.

I assumed you were talking about Microsoft Virtual PC. I
have no idea what you are talking about here.

You are reinventing the wheel. The RDP connection can
use TLS to encrypt the information. You have the key
exchange backwards. When you connect to a server, you
validate the server certificate. The server certificate
is used to protect a symmetric key that is used to
encrypt any data. A client machine certificate is never
used to protect data. It is the responsibility of the
server cert.


3. Is it possible to use TLS in Windows XP Terminal Services?

You can if you use Windows Server 2003 with SP1 or R2 on
the back end. You can enable SSL (actually TLS) in the
properties of the RDP connection.