Full Disclosure mailing list archives
Re: RDP, can it be done safely?
From: Marsh Ray <marsh () extendedsubset com>
Date: Thu, 10 Jun 2010 05:44:23 -0500
On 6/10/2010 4:44 AM, Larry Seltzer wrote:
> All right, I guess you've got a point. I reflexively say VPN at times like this because the very few reported RDP attacks I've seen have been MITM attacks of the sort that VPNs effectively block. But a client certificate/TLS implementation accomplishes the same thing and all you have to open is the RDP port.
MS Terminal Services Gateway can be set up to require client cert authentication and comes in over SSL/TLS over port 443 (RPC over HTTPS I think).

Allowing raw RDP to come in through the firewall is not something I would feel real good about.

- Marsh