Security Basics mailing list archives
Re: RDP over the internet
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Mon, 19 Mar 2012 19:37:13 +0100
Please keep the discussion on-list. Thank you. On 2012-03-19 Maurice Mohlek wrote:
Remap the rdp port to an other one. This should reduce the number of automatically attacks.
Obscurity is not a replacement for actual security. If a vulnerability exists in the service, then it will exist (and be exploitable) no matter which port the service is listening on.
By default my firewall blocks every connection to rdp from the internet. You have to create a vpn connection first and connect to rdp via "intranet".
That is a reasonable setup. However, you still have an open port (in this case the VPN endpoint) with a potentially vulnerable service.
On this way the attacker have to know 2 exploits or password etc..
If the VPN endpoint is on the same server he still needs only one. If VPN endpoint and Terminal Services are on different hosts, you do gain quite some security, but that scenario differs quite a bit from the original one due to the second host. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: RDP over the internet, (continued)
- Re: RDP over the internet Melissa Augustine (Mar 16)
- RE: RDP over the internet Dave Wray (Mar 16)
- Re: RDP over the internet synja (Mar 17)
- Re: RDP over the internet David J2 (Mar 17)
- Re: RDP over the internet Ansgar Wiechers (Mar 16)
- Re: RDP over the internet Thugzclub (Mar 19)
- Re: RDP over the internet Ansgar Wiechers (Mar 19)
- RE: RDP over the internet Dan Lynch (Mar 19)
- Re: RDP over the internet Ansgar Wiechers (Mar 19)
- Re: RDP over the internet Thugzclub Thugzclub (Mar 21)
- Re: RDP over the internet Thugzclub (Mar 19)
- Message not available
- Re: RDP over the internet Ansgar Wiechers (Mar 19)