Penetration Testing mailing list archives
Securing RDP - Is it possible?
From: christopher.riley () r-it at
Date: Tue, 14 Apr 2009 11:35:35 +0200
Some older implementations of RDP are known to be insecure and prone to man in the middle attacks. However the latest version (6.0 I think) supports SSL. You need to enable this on the client and server sides to ensure that it's implemented (I'd suggest looking at the group policy settings for this on the client and server).

Check out these resources:

http://support.microsoft.com/kb/925876
http://support.microsoft.com/kb/895433
http://windowsitpro.com/article/articleid/50040/securing-rdp.html

Hope it helps.

Chris John Riley

listbounce () securityfocus com@inet wrote on 14.04.2009 11:20:11:
Hello

Is Secure RDP an impossibility?

I am now working (WOOT) and they seem to use entirely RDP, almost no VNC...

This, by my reckoning, would make the network most insecure.

Would you agree? Or is it possible to Secure RDP?

Thanks in advance for sharing ideas on this matter,

Panarchy

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----------------------------------------
Raiffeisen Informatik GmbH, company register no. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908

Correspondence with above mentioned sender via e-mail is only for information purposes. This medium may not be used for exchange of legally-binding communications.
----------------------------------------
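The reply above says SSL has to be enabled on both sides to be sure it is used. As an added example (not part of the original thread), this check offers a server only legacy RDP security and reports whether it accepts or insists on SSL/TLS. The PDU layout and codes follow the published MS-RDPBCGR negotiation format; the function names and sample replies are constructed for illustration.

```python
import socket
import struct

# requestedProtocols / selectedProtocol values (MS-RDPBCGR)
PROTOCOLS = {0: "standard RDP security", 1: "TLS (SSL)", 2: "CredSSP/NLA over TLS"}
# failureCode values meaning the server refuses legacy RDP security
ENFORCING = {1: "SSL_REQUIRED_BY_SERVER", 5: "HYBRID_REQUIRED_BY_SERVER"}

def build_request(requested=0):
    """X.224 Connection Request carrying an RDP Negotiation Request."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)     # TYPE_RDP_NEG_REQ
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg  # LI, CR, dst, src, class
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224   # TPKT header

def classify(reply):
    """Return (tls_enforced, description) for the server's Connection Confirm."""
    if len(reply) < 11 or reply[0] != 3 or (reply[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(reply) < 19:   # no negotiation data at all
        return False, "no negotiation support, standard RDP security only"
    kind, _flags, _length, value = struct.unpack("<BBHI", reply[11:19])
    if kind == 0x02:      # TYPE_RDP_NEG_RSP: server accepted a protocol
        return value != 0, "server selected " + PROTOCOLS.get(value, hex(value))
    if kind == 0x03:      # TYPE_RDP_NEG_FAILURE: server rejected the offer
        name = ENFORCING.get(value)
        return name is not None, "server refused: " + (name or "failure code %d" % value)
    raise ValueError("unexpected negotiation type 0x%02x" % kind)

def check_host(host, port=3389, timeout=5.0):
    """Offer only legacy RDP security and report whether the server accepts it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(0))
        return classify(s.recv(1024))

# Constructed sample replies (built by hand, not captured traffic)
_CC = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00")
LEGACY_ACCEPTED = _CC + struct.pack("<BBHI", 0x02, 0, 8, 0)
TLS_REQUIRED = _CC + struct.pack("<BBHI", 0x03, 0, 8, 1)

if __name__ == "__main__":
    for label, reply in (("legacy", LEGACY_ACCEPTED), ("tls-only", TLS_REQUIRED)):
        print(label, classify(reply))
```

A `False` result from `check_host` means a client that does not ask for SSL is still let in with the older security layer, so the server-side policy is set to negotiate rather than require it.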