Security Basics mailing list archives

Re: RDP over the internet

From: krymson () gmail com
Date: Wed, 11 Jan 2012 22:36:44 GMT

I've actually recently seen the results of just such a situation where a company had RDP listening to the outside
world, and an attacker in eastern Europe bruteforced the administrator account over the period of a couple months. Once
gotten, the attacker had full control and console access to the system. Granted, there were more mistakes than just
handing your RDP balls out onto the wind of the Internet...

Others have given good suggestions, but please make sure you have a control around stopping or detecting or preventing
any ol' user on the Internet from just bruteforcing you over time.

Personally, I would want a VPN or other layer of remote control that you can log into that is better to leave open to
any source IP. You should not allow any source IP to hit your RDP opening. It would be better to just limit it to your
home or some other smaller subnet you expect to normally use. Personally, I like the logging and auth capabilities of
other remote control solutions, rather than heading straight into an RDP opening. Typically speaking, a VPN or other
remote control solution won't let shared accounts or strange things log in, but RDP may not be as forgiving about
misconfigurations or mistakes or just gaps in knowledge.

Keep in mind current and previous normal and administrative users as people who might be interested in using your RDP
opening to lock out accounts or otherwise be annoying.

<- snip ->
Hi all I would like to know what are your opinions of using RDP over the internet on a Windows 2008 R2 server? Are
there any major known exploits or vulnerabilities? How safe is the server with having port 3389 open to the internet.

Rgds,
Mario

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: RDP over the internet, (continued)
- - - Re: RDP over the internet Lee Fisher (Jan 10)
    - Re: RDP over the internet Ansgar Wiechers (Jan 10)
    - Re: RDP over the internet security () stealthnodes com (Jan 10)
  - RE: RDP over the internet Dimitrios Hilton (Jan 10)
- Re: RDP over the internet William Söderberg (Jan 10)
- RE: RDP over the internet David Gillett (Jan 10)
- Re: RDP over the internet Hosts Deny (Jan 11)
  - Re: RDP over the internet synja (Jan 12)
- Re: RDP over the internet Savvy95 (Jan 10)
- RE: RDP over the internet Greg Carson (Jan 10)
- Re: RDP over the internet krymson (Jan 11)
  - R: RDP over the internet Webstyler.it (Jan 12)