Re: RDP over the internet

[Ansgar Wiechers <bugtraq () planetcobalt net>]

Please keep the discussion on-list. Thank you.

On 2012-03-19 Maurice Mohlek wrote:
> Remap the rdp port to an other one. This should reduce the number of
> automatically attacks.

Obscurity is not a replacement for actual security. If a vulnerability
exists in the service, then it will exist (and be exploitable) no matter
which port the service is listening on.

> By default my firewall blocks every connection to rdp from the
> internet. You have to create a vpn connection first and connect to rdp
> via "intranet".

That is a reasonable setup. However, you still have an open port (in
this case the VPN endpoint) with a potentially vulnerable service.

> On this way the attacker have to know 2 exploits or password etc..

If the VPN endpoint is on the same server he still needs only one. If VPN
endpoint and Terminal Services are on different hosts, you do gain quite
some security, but that scenario differs quite a bit from the original
one due to the second host.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------