Security Basics mailing list archives
Re: Remote Web Workplace security
From: "ROB DIXON" <RDIXON () workforcewv org>
Date: Tue, 07 Mar 2006 09:11:30 -0500
Hi David, Without of course illustrating an attack, could you explain your comment regarding "I would fire a keylogger onto your machine far quicker than attempting to MITM your rdp session."? In other words, which connection method are you stating is more vulnerable to which attack? Thanks Robert L. Dixon, CSO CHFI A+ State of West Virginia's West Virginia Office of Techonology Infrastructure Applications Netware/GroupWise Administrator Telephone: (304)-558-5472 ex.4225 Email:rdixon () workforcewv org
"Paul Halliday" <paul.halliday () gmail com> >>>
On 3 Mar 2006 02:09:31 -0000, davidj () comparto com au <davidj () comparto com au> wrote:
My fellow Sys Admin has been pushing the 'Remote Web Workplace' as the remote connection option to our clients. Where I prefer the Remote Desktop through VPN whenever possible.
I understand the straight Remote Desktop has RC4 security which is rather weak. I dont believe this has been improved when using the 'Remote Web Workplace' method? Any I wrong? I want to make it policy that Remote Desktop connections via a VPN must always be used before the 'Remote Web Workplace', whenever possible. Am I being paranoid?
Yes you are. I would fire a keylogger onto your machine far quicker than attempting to MITM your rdp session.
Thanks Dave J --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Remote Web Workplace security davidj (Mar 03)
- Re: Remote Web Workplace security Paul Halliday (Mar 06)
- <Possible follow-ups>
- Re: Remote Web Workplace security barcajax (Mar 06)
- Re: Remote Web Workplace security ROB DIXON (Mar 08)
- Re: Remote Web Workplace security Paul Halliday (Mar 09)
- RE: Remote Web Workplace security Dana Epp (Mar 10)
- Re: Remote Web Workplace security ROB DIXON (Mar 10)