Educause Security Discussion mailing list archives

Re: iPad and access to university ERP


From: James Peluso <james.peluso () SALVE EDU>
Date: Sat, 24 Jul 2010 14:10:36 -0400

Hey Russell,

With 2008 R2 the default for RDS is to Negotiate the security layer.  You can force the security layer to use TLS and 
then on the RDS server force 128-bit "High" encryption for clients and servers.  If you go that route you'd need to 
purchase a certificate from a Public CA.  

The problem is your clients need to support that level of encryption.  If they don't then they won't be able to access 
the RDS server.

So the question then becomes can the iPad apps handle that level of encryption and how does it handle certificates?


James Peluso
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton 
[r.fulton () AUCKLAND AC NZ]
Sent: Friday, July 23, 2010 4:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPad and access to university ERP

On 22/07/2010, at 11:33 AM, Dave Koontz wrote:

But, if they "force" VPN connections to access the RDP desktop session
to begin with, you have the VPN security in front of the weaker MS RDP
encryption.  Seems safe enough to me.

Absolutely - it is RDP which is the issue -- not the iPad.  I had no idea the RDP could be configured to use such low 
grade encryption although it is consistent with MS's policy of keeping everything backward compatible forever and to 
hell with the security consequences. Think about the authentication mechanisms and LANMAN hashes which were (still 
are?) on by default.

Side note: is there any way to force RDP server to require a decent level of encryption?

Russell
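
The settings discussed in this message (TLS security layer, "High" encryption) can be audited and enforced from PowerShell on the RDS host. This is an added example, not part of the original thread; it assumes the standard RDP-Tcp listener key and the Terminal Services policy key, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Run elevated on the RDS host.
$Listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'  # Group Policy wins if set

$Labels = @{
    SecurityLayer      = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    MinEncryptionLevel = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
}
# Minimums matching the message above: TLS security layer, "High" (128-bit) encryption.
$Required = @{ SecurityLayer = 2; MinEncryptionLevel = 3 }

function Get-RegDword($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { [int]$item.$Name } else { $null }
}

# Hypothetical helper: report the effective value of each setting and where it comes from.
function Get-RdpSecurityState {
    foreach ($name in $Required.Keys) {
        $gpo   = Get-RegDword $Policy $name
        $local = Get-RegDword $Listener $name
        if ($null -ne $gpo) { $value = $gpo;   $source = 'GroupPolicy' }
        else                { $value = $local; $source = 'Listener' }
        $label = if ($null -ne $value) { $Labels[$name][$value] } else { 'not set' }
        New-Object PSObject -Property @{
            Setting   = $name
            Value     = $value
            Meaning   = $label
            Source    = $source
            Compliant = ($null -ne $value -and $value -ge $Required[$name])
        }
    }
}

# Hypothetical helper: raise listener values that are below the minimum.
function Set-RdpSecurityMinimum {
    foreach ($s in (Get-RdpSecurityState | Where-Object { -not $_.Compliant })) {
        if ($s.Source -eq 'GroupPolicy') {
            Write-Warning "$($s.Setting) is set by Group Policy ($($s.Meaning)); change the GPO instead."
            continue
        }
        Set-ItemProperty -Path $Listener -Name $s.Setting -Value $Required[$s.Setting] -Type DWord
    }
}

Get-RdpSecurityState | Format-Table Setting, Value, Meaning, Source, Compliant -AutoSize
```

Run `Set-RdpSecurityMinimum` only after confirming that every client, including the iPad apps in question, can negotiate TLS and 128-bit encryption, since clients that cannot will be unable to connect.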
