Penetration Testing mailing list archives
RE: Securing RDP - Is it possible?
From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Wed, 15 Apr 2009 07:39:00 +1000
Changing the default port adds obscurity and not security. Next, SSL will help with TLS fully enabled - this is client side certificates, but these are rarely used. Otherwise, SSL is just a dark tunnel, it helps stop sniffing, but not the attacks. In fact, it makes it more difficult to determine that you are being attacked in the first place. ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Leung, Kevin King Ting Sent: Tuesday, 14 April 2009 7:31 PM To: Chip Panarchy; pen-test () securityfocus com Subject: RE: Securing RDP - Is it possible? Securing RDP: 1) Change the default PORT 3389 for RDP session http://support.microsoft.com/kb/306759 2)Applying SSL encryption for RDP session http://thelazyadmin.com/blogs/thelazyadmin/archive/2007/01/26/Configure- RDP-over-SSL-with-SelfSSL.aspx Regards Kevin -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chip Panarchy Sent: Tuesday, April 14, 2009 4:28 PM To: pen-test () securityfocus com Subject: Securing RDP - Is it possible? Hello Is Secure RDP an impossibility? I am now working (WOOT) and they seem to use entirely RDP, almost no VNC... This, by my reckoning would make the network most insecure. Would you agree? Or is it possible to Secure RDP? Thanks in advance for sharing ideas on this matter, Panarchy ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Securing RDP - Is it possible? Chip Panarchy (Apr 14)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 15)
- Message not available
- Re: Securing RDP - Is it possible? David Glosser (Apr 15)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 16)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 14)
- Re: Securing RDP - Is it possible? Adriel T. Desautels (Apr 14)
- Re: Securing RDP - Is it possible? David Glosser (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 15)
- RE: Securing RDP - Is it possible? Lay, James (Apr 14)
- RE: Securing RDP - Is it possible? Harris, Michael C. (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Mark Owen (Apr 14)