RE: TS/3389 risk on Internet

["Todd Towles" <toddtowles () brookshires com>]

 I agree with everyone that thinks having exposed TS on the internet
isn't worth it. It looks like a very bad security move. It is
information leakage having services exposed like that...plus man in the
middle...brute force will happen...for a company, you have to reduce the
number of system exposed to the internet and the roles of those systems.
Put a webserver on the outside...and it doesn't do anything but serve
pages.

> -----Original Message-----
> From: Davide Carnevali [mailto:davide () protechta it] 
> Sent: Friday, October 29, 2004 2:56 AM
> To: net sec
> Cc: pen-test () securityfocus com
> Subject: Re: TS/3389 risk on Internet
>
> IMHO it is not a problem related to clear text or encrypted 
> authentication.
> TS is a very powerful yet dangerous service...it gives you 
> total control over the machine...
> Username/Password is a weak authentication method ...i could "guess" 
> them or i can "ask" for them through social engineering .....
> At leat you should implement a strong authentication method 
> such as OTP.
>
> And what about new vulnerability in TS that will be 
> discovered tomorrow?
> ... better to use TS over a VPN using digital certificates...
>
> Annibal!
>
> net sec wrote:
> > I have a peer that insists on allowing public access to his Domain 
> > controller via TS/tcp 3389 over the internet.  I know there 
> are some 
> > documented cases of 'man-in-the-middle' attacks for this 
> service but I 
> > was hoping someone here could help me plead my case as to 
> why this is 
> > a bad idea.  Maybe you all disagree and regurlary allow 
> this traffic.  
> > It just doesn't sit well with me.  Does anyone know if the 
> > login/password is sent in clear text for TS authentication?
> >
> > Thanks in advance for any thoughts,
> > Nicole
> >
> > _________________________________________________________________
> > On the road to retirement? Check out MSN Life Events for 
> advice on how 
> > to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
> ----------------------------------------------------------------------
> > --------
> >
> > Internet Security Systems. - Keeping You Ahead of the Threat
> >
> > When business losses are measured in seconds, Internet 
> threats must be 
> > stopped before they impact your network. To learn how Internet 
> > Security Systems keeps organizations ahead of the threat with 
> > preemptive intrusion prevention, download the new 
> whitepaper, Defining 
> > the Rules of Preemptive Protection, and end your reliance 
> on reactive 
> > security technology.
> > http://www.securityfocus.com/sponsor/ISS_pen-test_041001
> ----------------------------------------------------------------------
> > ---------
>
> --
> --------------------------------------------------------------
> ---------
> Davide Carnevali
> Chief Technical Officer
> Protechta - Information Security
> CCNA, CCSP, OPST
> Tel. +39 0521 2021
> Fax. +39 0521 207461
> http://www.protechta.it/
> e-mail: davide () protechta it
> --------------------------------------------------------------
> ---------
>
> --------------------------------------------------------------
> ---------------
> Chi riceve il presente  messaggio e` tenuto a verificare se 
> lo stesso non gli sia pervenuto per  errore.  In tal caso e` 
> pregato di avvisare immediatamente il mittente  e,  tenuto  
> conto  delle  responsabilita` connesse  all'indebito utilizzo 
> e/o  divulgazione  del  messaggio  e/o delle  informazioni  
> in esso contenute,  voglia  cancellare  l'originale
>   e distruggere  le varie copie  o stampe.
>
> The receiver  of this message is required to check if  he/she 
> has received it erroneously.  If  so,  the  receiver  is  
> requested to immediately inform the sender and - in 
> consideration of the responsibilities  arising from undue use 
> and/or disclosure of the message  and/or  the information 
> contained therein - destroy the original message and any copy 
> or printout thereof.
> --------------------------------------------------------------
> ---------------