Full Disclosure mailing list archives
Re: RDP, can it be done safely?
From: Jonathan Leigh <dantevios () gmail com>
Date: Wed, 9 Jun 2010 16:43:37 -0500
"My question therefore is, can I turn on RDP safely, without exposing my Windows server to risk of exploitation?" Yes. As long as you setup terminal services correctly to only allow clients that use encrypted RDP clients to log in it is relatively safe to allows users RDP access. There is an option that allows people using unsafe, unencrypted RDP clients to log in for legacy compatibility reasons, but it would be bad to allow that. Make sure they have strong passwords because most likely you will see in your logs people brute forcing logins to it every day if you open it up to the WAN. I have seen multiple brute force attempts to an SSH box I had setup remotely from my house, and I'm not even running a business. You can set an account lockout policy for RDP to stop them from attempting so much: http://www.mobydisk.com/techres/securing_remote_desktop.html . Now, you also have to take into account users computers at home are probably not very sanitary, so there is also a risk of their passwords getting sniffed by keyloggers from malware (especially if these people are so enthusiastic about using windows). But as far as I know over the wire RDP is an encrypted protocol so the traffic is safe from being sniffed. If the data is too sensitive I wouldn't do it myself, but if you're at joe smoe's small business I'd say go for it. On Wed, Jun 9, 2010 at 3:35 PM, Daniel Sichel <daniels () ponderosatel com>wrote:
We have a boneheaded group of software developers who even in this day and age eschew the client server model of software for the easier dumber run it from the console school of design. So I have this idiotic Windows accounting application that MUST run on an application server, cannot be run from a client. Rather than have my accounting department log in directly to the physical box, I would like to have them use some flavor of terminal services on my Windows server. My question therefore is, can I turn on RDP safely, without exposing my Windows server to risk of exploitation? Thanks for any help you can give. Dan S. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- -- Thank you, Jon Leigh ========================================================== Email: Dantevios () gmail com Website: http://www.dantevios.com Facebook: http://www.facebook.com/dantevios Gtalk: Dantevios () gmail com ICQ: 577683269 AIM: Dantevios MSN: Dantevios () hotmail com Yahoo: Dantevios () yahoo com Skype User: Dantevios Skype #: 662-524-3653 ==========================================================
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: RDP, can it be done safely?, (continued)
- Re: RDP, can it be done safely? Larry Seltzer (Jun 09)
- Re: RDP, can it be done safely? Thor (Hammer of God) (Jun 09)
- Re: RDP, can it be done safely? Larry Seltzer (Jun 10)
- Re: RDP, can it be done safely? Marsh Ray (Jun 10)
- Re: RDP, can it be done safely? Thor (Hammer of God) (Jun 10)
- Re: RDP, can it be done safely? Marsh Ray (Jun 10)
- Re: RDP, can it be done safely? Thor (Hammer of God) (Jun 10)
- Re: RDP, can it be done safely? J. Ottosson (Jun 10)
- Re: RDP, can it be done safely? Larry Seltzer (Jun 09)
- Re: RDP, can it be done safely? Jeffrey Walton (Jun 10)
- Re: RDP, can it be done safely? Thor (Hammer of God) (Jun 10)
- Re: RDP, can it be done safely? Cor Rosielle (Jun 10)