Re: Remote Web Workplace security

["ROB DIXON" <RDIXON () workforcewv org>]

Hi David,

Without of course illustrating an attack, could you explain your comment regarding "I would fire a keylogger onto your 
machine far quicker
than attempting to MITM your rdp session."? 
In other words, which connection method are you stating is more vulnerable to which attack?

Thanks



Robert L. Dixon,  CSO
CHFI A+
State of West Virginia's 
West Virginia Office of Techonology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225 
Email:rdixon () workforcewv org
> > > "Paul Halliday" <paul.halliday () gmail com>  >>>
On 3 Mar 2006 02:09:31 -0000, davidj () comparto com au
<davidj () comparto com au> wrote:

> My fellow Sys Admin has been pushing the 'Remote Web Workplace' as the remote connection option to our clients. Where 
> I prefer the Remote Desktop through VPN whenever possible.






> I understand the straight Remote Desktop has RC4 security which is rather weak. I dont believe this has been improved 
> when using the 'Remote Web Workplace' method? Any I wrong?
>
> I want to make it policy that Remote Desktop connections via a VPN must always be used before the 'Remote Web 
> Workplace', whenever possible.
> Am I being paranoid?

Yes you are. I would fire a keylogger onto your machine far quicker
than attempting to MITM your rdp session.

> Thanks
>
> Dave J
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------