Penetration Testing mailing list archives
RE: Securing RDP - Is it possible?
From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Thu, 16 Apr 2009 13:54:51 +1000
An IDS (if managed correctly) does add a level of security. This is separate to altering the port. You can just as simply run the default port and an IDS. An IDS alert to the RDP port when you are using a different port is just adding noise. This is good to log for forensic and review, but it does nothing to secure the system as the port has been changed anyway. Log the port that RDP is running on. Regards, ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Glosser Sent: Thursday, 16 April 2009 10:55 AM To: craig.wright () information-defense com Cc: Leung, Kevin King Ting; Chip Panarchy; pen-test () securityfocus com Subject: Re: Securing RDP - Is it possible?
Changing the default port adds obscurity and not security.
Agreed. And then set an ids rule to trigger an alert on any traffic going to your server network across port 3389... ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Securing RDP - Is it possible? Chip Panarchy (Apr 14)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 15)
- Message not available
- Re: Securing RDP - Is it possible? David Glosser (Apr 15)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 16)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 14)
- Re: Securing RDP - Is it possible? Adriel T. Desautels (Apr 14)
- Re: Securing RDP - Is it possible? David Glosser (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 15)
- RE: Securing RDP - Is it possible? Lay, James (Apr 14)
- RE: Securing RDP - Is it possible? Harris, Michael C. (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Mark Owen (Apr 14)
- <Possible follow-ups>
- Securing RDP - Is it possible? christopher . riley (Apr 14)