Security Basics mailing list archives
Re: RDP over the internet
From: David J2 <davidj2 () hotmail com>
Date: Fri, 16 Mar 2012 19:25:04 -0400
So, I thought if you used NLA, then RDP was AOK. Just use best practice precautions. Is there an easy GPME fix for 2008 Server (not R2) or Windows 2003 Server to lock down Domain joined computing devices? I would like a link for that.
On 3/16/2012 7:24 AM, Dave Wray wrote:
I remember this old conversation. New light perhaps?Not really. What was said then was a massive generalisation that couldn't really be backed up with any solid data i.e. exploitable vulns in RDP. A hark back to the old "You can't do that, it's insecure" days that saw CEOs treating Security Officers like the enemy because they got in the way of "the business". The new vulnerability has changed the threat landscape in terms of RDP. But that's what we do, we deal with an ever changing landscape. What was said then is still a massive generalisation, which, at the time still had no solid data. Today's patch doesn't make it visionary or forward looking (unless of course the author was sitting on a big fat zero-day..). However. We have a vuln, we have a patch. That's it. If there was a new patch for IIS tomorrow, would we see it being pulled from use by thousands of organisations? No. D ________________________________________________________________________ Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: RDP over the internet Alex Fiuvertiz (Mar 15)
- Re: RDP over the internet Mike Hale (Mar 15)
- Re: RDP over the internet Thugzclub (Mar 15)
- Re: RDP over the internet Banyan He (Mar 16)
- Re: RDP over the internet Melissa Augustine (Mar 16)
- RE: RDP over the internet Dave Wray (Mar 16)
- Re: RDP over the internet synja (Mar 17)
- Re: RDP over the internet David J2 (Mar 17)
- Re: RDP over the internet Thugzclub (Mar 15)
- Re: RDP over the internet Mike Hale (Mar 15)
- Re: RDP over the internet Ansgar Wiechers (Mar 16)
- Re: RDP over the internet Thugzclub (Mar 19)
- Re: RDP over the internet Ansgar Wiechers (Mar 19)
- RE: RDP over the internet Dan Lynch (Mar 19)
- Re: RDP over the internet Ansgar Wiechers (Mar 19)
- Re: RDP over the internet Thugzclub Thugzclub (Mar 21)
- Re: RDP over the internet Thugzclub (Mar 19)
- Message not available
- Re: RDP over the internet Ansgar Wiechers (Mar 19)