Security Basics mailing list archives

R: RDP over the internet

From: "Webstyler.it" <info () webstyler it>
Date: Thu, 12 Jan 2012 08:48:13 +0100

Hello

As write by other users there are a lot of way to keep safe ( or more safe )
an exposed win server

Hardware firewall, vpn, custom rdp port and hard password is right way

But, not always this scenario may be applicate

So, think minimal scenario is custom rdp port, a really hard password and a
good setting of window server and win firewall to close services not
working.

Would be really interesting if windows firewall could be "ban" IP after 10
(example) login failed, for simple protection.

Simon

-----Messaggio originale-----
Da: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Per
conto di krymson () gmail com
Inviato: mercoledì 11 gennaio 2012 23.37
A: security-basics () securityfocus com
Oggetto: Re: RDP over the internet

I've actually recently seen the results of just such a situation where a
company had RDP listening to the outside world, and an attacker in eastern
Europe bruteforced the administrator account over the period of a couple
months. Once gotten, the attacker had full control and console access to the
system. Granted, there were more mistakes than just handing your RDP balls
out onto the wind of the Internet...

Others have given good suggestions, but please make sure you have a control
around stopping or detecting or preventing any ol' user on the Internet from
just bruteforcing you over time.

Personally, I would want a VPN or other layer of remote control that you can
log into that is better to leave open to any source IP. You should not allow
any source IP to hit your RDP opening. It would be better to just limit it
to your home or some other smaller subnet you expect to normally use.
Personally, I like the logging and auth capabilities of other remote control
solutions, rather than heading straight into an RDP opening. Typically
speaking, a VPN or other remote control solution won't let shared accounts
or strange things log in, but RDP may not be as forgiving about
misconfigurations or mistakes or just gaps in knowledge.

Keep in mind current and previous normal and administrative users as people
who might be interested in using your RDP opening to lock out accounts or
otherwise be annoying.

<- snip ->
Hi all I would like to know what are your opinions of using RDP over the
internet on a Windows 2008 R2 server? Are there any major known exploits or
vulnerabilities? How safe is the server with having port 3389 open to the
internet.

Rgds,
Mario

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------

__________ Informazioni da ESET NOD32 Antivirus, versione del database delle
firme digitali 6787 (20120111) __________

Il messaggio è stato controllato da ESET NOD32 Antivirus.

www.nod32.it

__________ Informazioni da ESET NOD32 Antivirus, versione del database delle
firme digitali 6787 (20120111) __________

Il messaggio è stato controllato da ESET NOD32 Antivirus.

www.nod32.it

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: RDP over the internet, (continued)
- - - Re: RDP over the internet Ansgar Wiechers (Jan 10)
    - Re: RDP over the internet security () stealthnodes com (Jan 10)
  - RE: RDP over the internet Dimitrios Hilton (Jan 10)
- Re: RDP over the internet William Söderberg (Jan 10)
- RE: RDP over the internet David Gillett (Jan 10)
- Re: RDP over the internet Hosts Deny (Jan 11)
  - Re: RDP over the internet synja (Jan 12)
- Re: RDP over the internet Savvy95 (Jan 10)
- RE: RDP over the internet Greg Carson (Jan 10)
- Re: RDP over the internet krymson (Jan 11)
  - R: RDP over the internet Webstyler.it (Jan 12)