Re: iPad and access to university ERP

[John Hoffoss <john.hoffoss () CSU MNSCU EDU>]

Yes, the issue here isn't, strictly speaking, the client. Clients have different capabilities, but Windows XP (Terminal 
Services in Windows Server) have configurable levels of encryption requirements, configurable via group policy. The 
encryption algorithm is RC4. If you allow "Client Compatible" encryption on the desktop, your users are able to connect 
via RDP using any client, iPad, iPhone, Linux, whatever, using a 40-bit key. Mr. Kletnieks challenged whether this was 
good enough, and I'd say the answer can only be answered by the admin and their risk management process. It very well 
may be good enough for Ms. Rowe's users. It would be for many of mine, but not for myself or any of my administrators. 
But given a better client that supports a 128-bit key, several of which have been mentioned by others, that may be 
sufficient.

Also note that the Wyse PocketCloud app claims "FIPS support", which indicates to me their marketing department wrote 
that. I did a quick search and could not find PocketCloud of any version on the FIPS-validated products list 
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm).

-jth

On Jul 22, 2010, at 7:27 AM, Brad Judy wrote:
> If you configure your Windows systems to only allow high encryption levels
> for RDP (configurable via GPO or locally), then you'll either get decent
> encryption, or no connection.  In this case, it probably means this app
> won't be able to establish an RDP connection.  
>
> It would be nice to see an app like this support full, modern RDP with
> TLS/SSL support.  

--
John T. Hoffoss
Information Security Office  --  Minnesota State Colleges and Universities
john.hoffoss () csu mnscu edu  --  +1.651.201.1453

30 7th Street East, Suite 350
St. Paul, MN 55101-7804
USA