Security Basics mailing list archives
Re: Windows Remote Desktop
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 15 Jan 2004 01:26:20 +0100
On 2004-01-13 Michael Gale wrote:
Right now a internal user is complaining about the fact their remote desktop connection to their home PC is no longer working. The justification is that a remote PC out side the network is needed for testing.
o_O
At which point I gladly offered to setup a out side box for testing. :)
^_^
Any ways the question I have is, do you feel that Remote Desktop (into WinXP) is a secure enough connection to allow it. I mind you that this is supposed to be a outbound connection only but you never know with windows.
RDP does use encryption (RC4), but I wouldn't want to rely on it. What you could do is: install an ssh daemon on the target machine (e.g. the Windows port of OpenSSH [1]) and establish the RDP connection through a ssh tunnel. Make sure the Windows box is well-configured an patched, otherwise the encrypted connection would be useless, as an attacker could break into the box and 0wn the RDP server. [1] http://lexa.mckenna.edu/sshwindows/ Regards Ansgar Wiechers --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Windows Remote Desktop Michael Gale (Jan 14)
- Re: Windows Remote Desktop Ansgar -59cobalt- Wiechers (Jan 15)
- <Possible follow-ups>
- RE: Windows Remote Desktop Shawn Jackson (Jan 14)
- RE: Windows Remote Desktop jamesworld (Jan 14)
- RE: Windows Remote Desktop Dean Davis (Jan 14)
- RE: Windows Remote Desktop Shawn Jackson (Jan 15)
- RE: Windows Remote Desktop Andrew Leung (Jan 15)
- RE: Windows Remote Desktop Depp, Dennis M. (Jan 15)
- Re: Windows Remote Desktop Jamie Pratt (Jan 15)
- RE: Windows Remote Desktop Shawn Jackson (Jan 15)
- RE: Windows Remote Desktop Depp, Dennis M. (Jan 15)
- RE: Windows Remote Desktop Nero, Nick (Jan 15)
(Thread continues...)