Educause Security Discussion mailing list archives
Re: iPad and access to university ERP
From: James Peluso <james.peluso () SALVE EDU>
Date: Sat, 24 Jul 2010 14:10:36 -0400
Hey Russell, With 2008 R2 the default for RDS is to Negotiate the security layer. You can force the security layer to use TLS and then on the RDS server force 128-bit "High" encryption for clients and servers. If you go that route you'd need to purchase a certificate from a Public CA. The problem is your clients need to support that level of encryption. If they don't then they won't be able to access the RDS server. So the question then becomes can the iPad apps handle that level of encryption and how does it handle certificates? James Peluso ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton [r.fulton () AUCKLAND AC NZ] Sent: Friday, July 23, 2010 4:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad and access to university ERP On 22/07/2010, at 11:33 AM, Dave Koontz wrote:
But, if they "force" VPN connections to access the RDP desktop session to begin with, you have the VPN security in front of the weaker MS RDP encryption. Seems safe enough to me.
Absolutely - it is RDP which is the issue -- not the iPad. I had no idea the RDP could be configured to use such low grade encryption although it is consistent with MS's policy of keeping everything backward compatible forever and to hell with the security consequences. Thing about the authentication mechanisms and LANMAN hashes which were (still are?) on by default. Side note is there anyway to force RDP server to require a decent level of encryption? Russell
Current thread:
- iPad and access to university ERP Theresa Rowe (Jul 21)
- Re: iPad and access to university ERP Greg Schaffer (Jul 21)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 21)
- Re: iPad and access to university ERP Basgen, Brian (Jul 21)
- Re: iPad and access to university ERP Ullman, Catherine (Jul 21)
- Re: iPad and access to university ERP Dave Koontz (Jul 21)
- Re: iPad and access to university ERP Matthew Gracie (Jul 21)
- Re: iPad and access to university ERP Basgen, Brian (Jul 21)
- Re: iPad and access to university ERP Russell Fulton (Jul 23)
- Re: iPad and access to university ERP James Peluso (Jul 24)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 21)
- Re: iPad and access to university ERP Greg Schaffer (Jul 21)
- Re: iPad and access to university ERP Brad Judy (Jul 22)
- Re: iPad and access to university ERP Brad Judy (Jul 22)
- Re: iPad and access to university ERP John Hoffoss (Jul 22)
- Re: iPad and access to university ERP Bret Ingerman (Jul 23)
- Re: iPad and access to university ERP Richard Hopkins (Jul 22)
- Re: iPad and access to university ERP Roger Safian (Jul 22)
- Re: iPad and access to university ERP Richard Hopkins (Jul 22)
- Re: iPad and access to university ERP Valdis Kletnieks (Jul 21)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 22)
- Re: iPad and access to university ERP Joel Rosenblatt (Jul 22)