TS/3389 risk on Internet

["net sec" <netsec9 () hotmail com>]

I have a peer that insists on allowing public access to his Domain 
controller via TS/tcp 3389 over the internet.  I know there are some 
documented cases of 'man-in-the-middle' attacks for this service but I was 
hoping someone here could help me plead my case as to why this is a bad 
idea.  Maybe you all disagree and regurlary allow this traffic.  It just 
doesn't sit well with me.  Does anyone know if the login/password is sent in 
clear text for TS authentication?

Thanks in advance for any thoughts,
Nicole

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement


------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology. 

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------