Security Basics mailing list archives
Re: terminal server security vs vpn
From: <nobledark () hushmail com>
Date: Tue, 14 Aug 2007 16:35:57 -0400
Something else to take into consideration when making your decision is whether or not there is the potential for traffic other than Terminal Services. In this case it might make more sense to use a VPN tunnel instead of the encrypted RDP/ICA connection so you can have fewer ports on the firewall exposed to the Internet.

For example, if you end up needing POP3 or IMAP, you can certainly protect those protocols with certificates and then open the related ports on your firewall to expose those services in addition to the RDP/ICA port. Web-based services aren't the greatest over RDP but you could open port 443, cert your web app, and then make that available as well.

The downside of this is that you now have multiple firewall ports open to the Internet. You also have the potential for anyone who is sniffing at a downstream router to get a better idea of what services you are offering through your firewall (even if they can't read the data, they can tell what port it's running over).

However, if you are using a VPN to tunnel all of your traffic, you have fewer Internet-facing ports open and less information on what services (other than a VPN) that you are publishing.

My 2 cents....

On Tue, 14 Aug 2007 14:54:37 -0400 Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> wrote:
> On 2007-08-14 Brent Kern wrote:
>> We went through this at our government agency and the remote desktop
>> client is 128-bit encrypted.
>
> Without knowing the encryption algorithm that doesn't mean anything. At
> all.
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches
> becoming available."
> --Jason Coombs on Bugtraq