Firewall Wizards mailing list archives
RE: Using RDP Port 3389
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 12 Apr 2004 09:40:02 -0400
If it were me, I would have three concerns about allowing RDP connections from the Internet.

1. The default Event logging and user controls for Terminal Services are inadequate. Any user in a domain/workgroup that your server belongs to can log in remotely, as well as local users. (There is an excellent overview of these and other Terminal Services security issues in Chapter 12 of "Hacking Exposed Windows 2000: Network Security and Solutions" - ISBN: 0072192623.)

2. Historically, there have been security vulnerabilities found in Terminal Services, so there is at least an even chance that there will be more. Since the Terminal Services service runs as Local/System, any compromise is total compromise.

3. Default encryption settings are negotiated between client and workstation and at least theoretically weak. You've got to use Terminal Services Advanced Client in order to have 128-bit encryption. (This may have changed with 2K3, I don't know.)

So, if you must have remote access to your servers, my recommendation would be to use some sort of client VPN to authenticate and encrypt users before they access servers directly. If VPN is not an option, restrict source addresses at the firewall to those that can be trusted and should be accessing the servers.

PaulM
-----Original Message-----

Hello,

I would like to know if anyone has had any security issues opening port 3389 for Remote Desktop/Terminal Services for external access to their server(s). I'm using Win2003 Enterprise Server. I found this article for using IPSec on this port.

http://support.microsoft.com/default.aspx?scid=kb;en-us;816521

Everett