Full Disclosure mailing list archives
Re: RDP, can it be done safely?
From: "J. Ottosson" <j-006 () ottosson nu>
Date: Thu, 10 Jun 2010 22:05:29 +0200
On 10 Jun 2010 at 9:30, Marsh Ray wrote:
> On 6/10/2010 9:10 AM, Thor (Hammer of God) wrote:
>> To be specific, it actually doesn't require a "client" cert in the strictest sense.
>
> But I thought it could be configured to require a client cert?

Some users would probably be content using stunnel (+OpenSSL) as SSL wrapper on server side and the "-v 3" option in config which I think should force validation against locally installed certificates.

/J

>> You can configure certificate parameters on the server in such a way that certificate trust chains must be honored (close enough)
>
> I don't get your meaning here. What cert chains would the server be validating if not client certs? The server's own? Or are you saying it's still the client's option to not present a client cert?
>
>> but if you want true client authentication based on a certificate, you would have to publish the RDP over RPC/HTTP(s) via something like ISA where you can specifically configure a listener to require client authentication certificates to be "presented" to the publisher, but that's not really the same thing.
>
> I kind of thought we had it configured something like that (but I haven't gotten in too deep yet).
> http://technet.microsoft.com/en-us/library/cc731264%28WS.10%29.aspx
>
> Thanks for the heads-up, I'll definitely look at this more closely as I have some projects at work which involve MSTS and TSG.
>
> - Marsh
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
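
The stunnel setup suggested in the message above, sketched as a server-side `stunnel.conf` service section. This is an added example, not part of the original post; the file paths, the service name `rdp-tls` and the listener port 3390 are assumptions, and `verify = 3` is the configuration-file form of the "-v 3" option mentioned.

```ini
; Added example (not from the thread): stunnel as a TLS wrapper in front of RDP.
; Paths, the service name and port 3390 are placeholders chosen for illustration.

; Certificate and private key the wrapper presents to connecting clients
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem

[rdp-tls]
; TLS listener exposed to the network
accept = 3390
; Plain RDP service, reached only through the wrapper
connect = 127.0.0.1:3389
; Level 3: the peer must present a certificate, and that certificate
; must be one of those installed locally (see CAfile)
verify = 3
; Locally installed certificates the peer is checked against
CAfile = /etc/stunnel/allowed-clients.pem
```

The wrapper only restricts access if port 3389 itself is unreachable from the network, and each client needs a TLS wrapper of its own that presents a certificate listed in `CAfile`.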