Firewall Wizards mailing list archives
Re: terminal services
From: "Paul D. Robertson" <proberts () patriot net>
Date: Tue, 28 Jan 2003 15:29:52 -0500 (EST)
On Tue, 28 Jan 2003 natfirewall () netscape net wrote:
Greetings, I am being asked to open port 3389 on our Corporate firewall and direct incoming traffic on that port to a specific IP on our internal network. Being the paranoid that I am, I do not want to do this but I
I wouldn't do that for any money.
need better reasons/ammunition other than saying "it would be bad". I am looking for pointers to information hopefully in support of my fear of M$ security. Also, the more recent the information the better.
1. If it's not just open to a specific endpoint address, anyone can start doing ID/password guessing on the port. That should be enough of a start to get you where you want to be.
Not being close minded, I would also be interested in seeing any information which would make me feel warm and fuzzy about opening the port.
Wes is right, a VPN is the right answer here. Without it, you don't have any protection for the machine, the protocol, or even against a DoS attack. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- terminal services natfirewall (Jan 28)
- Re: terminal services R. DuFresne (Jan 28)
- Re: terminal services Don Kendrick (Jan 28)
- Re: terminal services Paul D. Robertson (Jan 28)
- Re: terminal services David Lang (Jan 28)
- Re: terminal services Duncan Sharp (Jan 28)
- Re: terminal services Paul D. Robertson (Jan 28)
- <Possible follow-ups>
- RE: terminal services Noonan, Wesley (Jan 28)
- Re: terminal services Steven M. Bellovin (Jan 28)
- RE: terminal services Noonan, Wesley (Jan 28)
- RE: terminal services R. DuFresne (Jan 28)
- RE: terminal services Paul D. Robertson (Jan 28)
- Re: terminal services Barney Wolff (Jan 28)
- RE: firewall design (was: RE: terminal services ) m p (Jan 29)
- RE: terminal services R. DuFresne (Jan 28)