Security Basics mailing list archives

RE: Windows Remote Desktop


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 14 Jan 2004 15:35:51 -0800


        Well, transferring data outside a company is easier than pie
these days. With everything from encrypted email to USB drives it's hard
to use that as a sole point to 'ban' RDP to offsite resources. Unless
you're running at high level security, i.e. Military, Extremely Sensitive
Work, National Security, the movement of data offsite would be a
secondary concern.

        The RDP encryption is 'in transit' protection and won't protect
the resources. I personally never use the clipboard sharing,
drive/printer mapping, etc. Access to those resources should be dictated
by the company security policy and doesn't follow the 'security' of the
protocol/connection. Seeing as the connection is one-way (From Workstation
or RDP Host) it's hard to open a hole/exploit through an infected RDP host
and use the RDP interface to your advantage.

        Additionally no actual 'data' is transferred through the RDP
connection, it's just interface information (mouse movement, button
clicks, typing) and screen refreshes. Now if you were using the resource
mapping then data would traverse the RDP connection and would be subject
to its encryption. All in all I think that PCAnywhere and Citrix have
more secure RDP/VNC like interfaces but RDP is pretty secure by itself.
Just as James stated, watch the local resource mapping.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
             (800) 325-1199 x338

-----Original Message-----
From: jamesworld () intelligencia com [mailto:jamesworld () intelligencia com]
Sent: Wednesday, January 14, 2004 3:03 PM
To: Shawn Jackson
Cc: Michael Gale; security-basics () securityfocus com
Subject: RE: Windows Remote Desktop

Ahh,

but what about the option to connect local resources......

Drives
Printers
Serial Ports
Smart Cards

....

Talk about the ability to transfer company data out...  What is
protecting the actual data, MS RDP encryption which defaults to "medium"
security by default.

Again it comes back to.......What is the company policy?  If it doesn't 
cover it, the policy needs to be updated.


-James

At 12:14 01/14/2004, Shawn Jackson wrote:

        Eh' for 'Testing' I use a remote SSH server off my backbone. I
do 'periodically' login to my remote XP workstation and do some work.
Because only screen information is transmitted even if that system was
hacked or infected with a virus it won't affect my network at work. My
XP system doesn't sit directly on the Internet though; it goes through
a Debian box running iptables.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com

Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Michael Gale [mailto:michael () bluesuperman com]
Sent: Tuesday, January 13, 2004 8:35 PM
To: security-basics () securityfocus com
Subject: Windows Remote Desktop

Hello,

        I have a question, I have locked down a company network allowing
only web browsing, SSH and FTP. Nothing else is needed and soon SSH and
FTP will be gone hopefully once the VPN is final.

Right now an internal user is complaining about the fact their remote
desktop connection to their home PC is no longer working.

The justification is that a remote PC outside the network is needed for
testing. At which point I gladly offered to set up an outside box for
testing. :)

Anyway, the question I have is, do you feel that Remote Desktop (into
WinXP) is a secure enough connection to allow it? Mind you, this is
supposed to be an outbound connection only but you never know with
Windows.


--
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com
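
An added example, not part of the original thread: the local resource mapping discussed above (drives, printers, serial ports, smart cards, clipboard) is recorded in a saved `.rdp` connection file, so a policy check can list which mappings a file explicitly turns on. The sample file contents and the function names are constructed for illustration.

```python
# Added example: report which local-resource redirections a saved .rdp
# connection file explicitly enables. Each line has the form name:type:value.
# A setting missing from the file falls back to the client default, which
# this check does not model.

# .rdp setting name -> resource named in the thread
REDIRECTION_SETTINGS = {
    "redirectclipboard": "Clipboard",
    "redirectprinters": "Printers",
    "redirectcomports": "Serial Ports",
    "redirectsmartcards": "Smart Cards",
    "redirectdrives": "Drives",      # older integer switch
    "drivestoredirect": "Drives",    # string list, "*" means all drives
}

# Constructed sample input (hypothetical host name).
SAMPLE_RDP = """\
full address:s:home-pc.example.net:3389
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
drivestoredirect:s:*
"""

def parse_rdp(text):
    """Return {name: (type, value)} for every well-formed line."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) != 3:
            continue
        name, kind, value = parts
        settings[name.strip().lower()] = (kind.strip().lower(), value.strip())
    return settings

def enabled_redirections(text):
    """Sorted list of resources the file explicitly maps into the session."""
    found = set()
    for name, (kind, value) in parse_rdp(text).items():
        resource = REDIRECTION_SETTINGS.get(name)
        if resource is None:
            continue
        # Integer switches are on when non-zero; string lists when non-empty.
        if (kind == "i" and value != "0") or (kind != "i" and value):
            found.add(resource)
    return sorted(found)

if __name__ == "__main__":
    print(enabled_redirections(SAMPLE_RDP))
```

Files saved by the Windows client are often UTF-16 encoded, so decode them accordingly before passing the text in.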
