RE: TS/3389 risk on Internet

["Peadro, Jeff (AIS)" <jpeaa () allstate com>]

If you choose to do this you need to enable high encryption which uses
128 bit and change the port TS listens on.
http://support.microsoft.com/default.aspx?scid=187623  

Jeff

-----Original Message-----
From: net sec [mailto:netsec9 () hotmail com]
Sent: Tuesday, October 26, 2004 4:19 PM
To: pen-test () securityfocus com
Subject: TS/3389 risk on Internet


I have a peer that insists on allowing public access to his Domain 
controller via TS/tcp 3389 over the internet.  I know there are some 
documented cases of 'man-in-the-middle' attacks for this service but I
was 
hoping someone here could help me plead my case as to why this is a bad 
idea.  Maybe you all disagree and regurlary allow this traffic.  It just

doesn't sit well with me.  Does anyone know if the login/password is
sent in 
clear text for TS authentication?

Thanks in advance for any thoughts,
Nicole

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how
to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement


------------------------------------------------------------------------
------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be
stopped before they impact your network. To learn how Internet Security
Systems keeps organizations ahead of the threat with preemptive
intrusion prevention, download the new whitepaper, Defining the Rules of
Preemptive Protection, and end your reliance on reactive security
technology. 

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
------------------------------------------------------------------------
-------