Firewall Wizards mailing list archives

Re: terminal services


From: "Paul D. Robertson" <proberts () patriot net>
Date: Tue, 28 Jan 2003 15:29:52 -0500 (EST)

On Tue, 28 Jan 2003 natfirewall () netscape net wrote:

> Greetings,
>
> I am being asked to open port 3389 on our Corporate firewall and
> direct incoming traffic on that port to a specific IP on our internal
> network.  Being the paranoid that I am, I do not want to do this but I

I wouldn't do that for any money.

> need better reasons/ammunition other than saying "it would be bad".
> I am looking for pointers to information hopefully in support of my
> fear of M$ security.  Also, the more recent the information the
> better.

1.  If it's not just open to a specific endpoint address, anyone can start 
doing ID/password guessing on the port.  That should be enough of a start 
to get you where you want to be.

> Not being close minded, I would also be interested in seeing any
> information which would make me feel warm and fuzzy about opening the
> port.

Wes is right, a VPN is the right answer here.  Without it, you don't have 
any protection for the machine, the protocol, or even against a DoS 
attack.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
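
Added example, not part of the original message: a small audit that finds port-forwarding rules covering TCP 3389 and reports whether each one is limited to a specific source address, the condition the reply above turns on. It assumes the firewall's rules are available in iptables-save syntax; the sample rules and all addresses are constructed.

```python
import ipaddress
import shlex

RDP_PORT = 3389

# Constructed sample rules in iptables-save syntax (not from the thread).
SAMPLE_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.0.25:3389
-A PREROUTING -s 203.0.113.7/32 -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.0.26:3389
-A PREROUTING ! -s 198.51.100.0/24 -i eth0 -p tcp -m tcp --dport 3000:4000 -j DNAT --to-destination 10.0.0.27
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.30:443
"""

def covers_rdp(spec):
    """True if a --dport/--dports value (port, lo:hi range, or list) includes 3389."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        high = int(hi) if hi else (65535 if sep else low)
        if low <= RDP_PORT <= high:
            return True
    return False

def source_scope(tokens):
    """Classify who may reach the rule: 'any', 'network' or 'host'."""
    if "-s" not in tokens:
        return "any"
    i = tokens.index("-s")
    net = ipaddress.ip_network(tokens[i + 1], strict=False)
    if (i > 0 and tokens[i - 1] == "!") or net.prefixlen == 0:
        return "any"  # "everyone except X" is still open to the world
    return "host" if net.num_addresses == 1 else "network"

def audit(rules_text):
    """Return (internal destination, source scope) for every DNAT rule covering 3389."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        opts = dict(zip(tokens, tokens[1:]))  # flag -> token that follows it
        port_spec = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "DNAT" or not port_spec or not covers_rdp(port_spec):
            continue
        findings.append((opts.get("--to-destination"), source_scope(tokens)))
    return findings

if __name__ == "__main__":
    for dest, scope in audit(SAMPLE_RULES):
        verdict = "open to password guessing by anyone" if scope == "any" else "source-restricted"
        print(f"{dest}: {scope} -> {verdict}")
```

A rule reported as `host` or `network` only narrows who can attempt logins; it does not add the protection for the machine and protocol that the reply attributes to a VPN.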

