Security Basics mailing list archives
RE: Remote Desktop vs VPN on Windows 2003
From: "Nero, Nick" <Nick.Nero () disney com>
Date: Wed, 19 Jan 2005 16:01:59 -0500
Unfortunately the phrase "weak encryption algorithm" is only slightly less subjective than the term "too much money". For what purpose? The default on 2000 and XP is 128-bit RC4, which does seem dated, but this is a pretty popular algorithm for symmetric encryption. Sure, we could all use key pairs to encrypt everything to have "strong encryption", but the cost in performance for the amount of security it provides isn't worth it for the large majority of applications.

Furthermore, in Windows 2003 you have the option of FIPS 140-1/FIPS 140-2 compliant algorithms for encrypting RDP sessions. This can even be set via a GPO to your entire environment. Doesn't get much easier than that. Is it secure enough to transfer missile launch codes? I probably wouldn't. Is it good enough to secure a user remotely accessing their desktops - you betcha. Also, bear in mind these encryption keys are per session, so once you find one it isn't as easy as just listening to all the new sessions.

At the same time, 128-bit SSL isn't as secure as 1024-bit, but it is secure enough for the overwhelming majority of uses. And SSH has had lots of holes in the past 2 years. Bashing RDP is just baseless MS bashing without concern for the facts.

-----Original Message-----
On Behalf Of Ansgar -59cobalt- Wiechers
Sent: Wednesday, January 19, 2005 2:52 PM
To: security-basics () securityfocus com
Subject: Re: Remote Desktop vs VPN on Windows 2003

On 2005-01-19 Roger A. Grimes wrote:
> On 2005-01-19 Ansgar -59cobalt- Wiechers wrote:
>> On 2005-01-18 Roger A. Grimes wrote:
>>> but if the Windows tool can do the same or better job, why not use
>>> the free tools in the system?
>> Because it can't.
> SSH multiple hacks...RDP one in 2002. How is RDP the worse tool? I
> keep waiting for facts?

*sigh* Like I already said: because its encryption algorithm is weak. Thus it simply cannot do a better job than tools which provide strong encryption (like SSH or VPNs). Period.

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin