Educause Security Discussion mailing list archives
Re: iPad and access to university ERP
From: John Hoffoss <john.hoffoss () CSU MNSCU EDU>
Date: Thu, 22 Jul 2010 10:48:25 -0500
Yes, the issue here isn't, strictly speaking, the client. Clients have different capabilities, but Windows XP (Terminal Services in Windows Server) have configurable levels of encryption requirements, configurable via group policy. The encryption algorithm is RC4. If you allow "Client Compatible" encryption on the desktop, your users are able to connect via RDP using any client, iPad, iPhone, Linux, whatever, using a 40-bit key. Mr. Kletnieks challenged whether this was good enough, and I'd say the answer can only be answered by the admin and their risk management process. It very well may be good enough for Ms. Rowe's users. It would be for many of mine, but not for myself or any of my administrators. But given a better client that supports a 128-bit key, several of which have been mentioned by others, that may be sufficient. Also note that the Wyse PocketCloud app claims "FIPS support", which indicates to me their marketing department wrote that. I did a quick search and could not find PocketCloud of any version on the FIPS-validated products list (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm). -jth On Jul 22, 2010, at 7:27 AM, Brad Judy wrote:
If you configure your Windows systems to only allow high encryption levels for RDP (configurable via GPO or locally), then you'll either get decent encryption, or no connection. In this case, it probably means this app won't be able to establish an RDP connection. It would be nice to see an app like this support full, modern RDP with TLS/SSL support.
-- John T. Hoffoss Information Security Office -- Minnesota State Colleges and Universities john.hoffoss () csu mnscu edu -- +1.651.201.1453 30 7th Street East, Suite 350 St. Paul, MN 55101-7804 USA
Current thread:
- Re: iPad and access to university ERP, (continued)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 21)
- Re: iPad and access to university ERP Basgen, Brian (Jul 21)
- Re: iPad and access to university ERP Ullman, Catherine (Jul 21)
- Re: iPad and access to university ERP Dave Koontz (Jul 21)
- Re: iPad and access to university ERP Matthew Gracie (Jul 21)
- Re: iPad and access to university ERP Basgen, Brian (Jul 21)
- Re: iPad and access to university ERP Russell Fulton (Jul 23)
- Re: iPad and access to university ERP James Peluso (Jul 24)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 21)
- Re: iPad and access to university ERP Brad Judy (Jul 22)
- Re: iPad and access to university ERP Brad Judy (Jul 22)
- Re: iPad and access to university ERP John Hoffoss (Jul 22)
- Re: iPad and access to university ERP Bret Ingerman (Jul 23)
- Re: iPad and access to university ERP Richard Hopkins (Jul 22)
- Re: iPad and access to university ERP Roger Safian (Jul 22)
- Re: iPad and access to university ERP Richard Hopkins (Jul 22)
- Re: iPad and access to university ERP Valdis Kletnieks (Jul 21)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 22)
- Re: iPad and access to university ERP Joel Rosenblatt (Jul 22)
- Re: iPad and access to university ERP Valdis Kletnieks (Jul 24)