Re: Remote Desktop MITM Concerns
From: JerryTheGreat (JerryTheGreat_at_discussions.microsoft.com)
Date: 06/12/05
Date: Sun, 12 Jun 2005 11:08:02 -0700
What I really want to know here is this: How significant a concern is this?
If the ability to perform the act is integrated into freely available
software, should I be concerned? In my setup, I am logging in across the
Internet, so IPSec is out, unless I set up a VPN. Mitigating the risk is that
I use IP, not DNS, to connect to the server, which should make a MITM
extremely difficult to perform without detection.
Thanks.
JTG
"Roger Abell" wrote:
> I am with Steve in replying that, if you feel your environment of sufficient
> value that there actually is a risk someone would consider mounting a
> man-in-the-middle compromise of your network communications, then you should
> look at use of an IPsec hard security association, in one or another form,
> and then use RDP within this.
>
> The underlying problem here is that RD is intended to allow ad-hoc type
> connections, such as with consumer stand-alones. When there is no third
> party involved and there is no pre-shared secret, then it is fundamentally
> unavoidable that the types of mutual verification this author indicates as
> the most desirable are not infallibly possible.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> "JerryTheGreat" <JerryTheGreat@discussions.microsoft.com> wrote in message
> news:F875A484-5C95-44D8-8829-E2400FCFCAC1@microsoft.com...
> > Hello,
> >
> > Released May 28 was an unofficial security advisory entitled "Remote Desktop
> > Protocol, the Good the Bad and the Ugly" by Massimiliano Montoro. This has
> > me very concerned about my setup. Is this a valid issue? I've found no
> > advisories from Microsoft or any other security site, except that the
> > nefarious tool Cain and Abel v2.7 contains this capability. Please someone
> > address this concern for me.
> >
> > I'm being careful in this posting not to use any keywords a search engine
> > may index.