RE: Using RDP Port 3389

["Melson, Paul" <PMelson () sequoianet com>]

If it were me, I would have three concerns about allowing RDP
connections from the Internet.

1. The default Event logging and user controls for Terminal Services are
inadequate.  Any user in a domain/workgroup that your server belongs to
can log in remotely, as well as local users.  (There is an excellent
overview of these and other Terminal Services security issues in Chapter
12 of "Hacking Exposed Windows 2000: Network Security and Solutions" -
ISBN: 0072192623.)

2. Historically, there have been security vulnerabilities found in
Terminal Services, so there is at least an even chance that there will
be more.  Since the Terminal Services service runs as Local/System, any
compromise is total compromise.

3. Default encryption settings are negotiated between client and
workstation and at least theoretically weak.  You've got to use Terminal
Services Advanced Client in order to have 128-bit encryption.  (This may
have changed with 2K3, I don't know.)

So, if you must have remote access to your servers, my recommendation
would be to use some sort of client VPN to authenticate and encrypt
users before they access servers directly.  If VPN is not an option,
restrict source addresses at the firewall to those that can be trusted
and should be accessing the servers.

PaulM



> -----Original Message-----
> Hello,
>
> I would like to know if anyone has had any security issues 
> opening port 3389 for Remote Desktop/Terminal Services for 
> external access to their server(s). I'm using Win2003 
> Enterprise Server.
>
> I found this article for using IPSec on this port. 
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;816521
>
> Everett
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards