Penetration Testing mailing list archives
Re: Terminal services and remote programs.
From: "arvind doraiswamy" <arvind.doraiswamy () gmail com>
Date: Tue, 29 Apr 2008 23:00:03 +0530
Hey Paul,

Things like Citrix work exactly like this. So that way you do not have to install programs on each and every user workstation; in this case Office and Adobe, possibly primarily because licenses are costly.

Is this machine on which your products are installed part of a domain? Do all users actually "login" to this machine or do they just double click on this shortcut on their desktops? If it's a login, keep in mind that you're probably allowing X users all connections to your server on which products are installed. You'll probably have to harden Terminal Services really well so that these guys can only launch products they "need to launch".

What context will they run under? The context of the user they launch the application as. So if you've denied a user access to say cmd.exe and they break out of Office (somehow) they will get a cmd prompt of that ID.

All this however can definitely be prevented if there's proper network and host level access control in place. Who gains access to the machine? Strong password policies. Strict control over running what exe's (there are products which do this) and hardening Terminal Services through the MMC snap-in available, plus using RDP over SSL with at least a self-signed certificate.

This should get you going at least!!

Cheers
Arvind

On Sat, Apr 26, 2008 at 4:33 AM, Paul Halliday <paul.halliday () gmail com> wrote:
I am just curious if any of you have performed an audit on a setup like this:

In a nutshell, tech services is looking to offer the entire Microsoft Office suite and Adobe Creative suite through Terminal services.

My immediate concern is, if there is a vulnerability in the remote apps, what will the context be for the attacker?

Is there anything else I should be looking more closely at?

Thanks.

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
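The hardening points raised in the reply above (RDP over SSL, limiting which programs can be launched), as a read-only audit script for the terminal server. This is an added example, not part of the original thread; the pass criteria and the list of shell binaries are this example's assumptions, and the registry locations are the standard local ones for the RDP listener and the RemoteApp allow list.

```powershell
# Added example (not from the thread): read-only audit of a Terminal Services /
# RemoteApp host. Group Policy can override these local values, so check the
# effective policy as well. Run in an elevated PowerShell session on the host.
$listener  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$allowList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Expected values are this example's baseline (assumption), not a vendor standard.
$checks = @(
    @{ Path = $listener;  Name = 'SecurityLayer';      Ok = { $args[0] -eq 2 }; Note = '2 = SSL (TLS) required' }
    @{ Path = $listener;  Name = 'MinEncryptionLevel'; Ok = { $args[0] -ge 3 }; Note = '3 = High, 4 = FIPS' }
    @{ Path = $allowList; Name = 'fDisabledAllowList'; Ok = { $args[0] -ne 1 }; Note = '1 = any program may be started remotely' }
)

$results = foreach ($c in $checks) {
    $value = Get-RegValue $c.Path $c.Name
    [pscustomobject]@{
        Setting = $c.Name
        Value   = if ($null -eq $value) { '(not set)' } else { $value }
        Pass    = [bool](& $c.Ok $value)
        Note    = $c.Note
    }
}
$results | Format-Table -AutoSize

# Published RemoteApp programs: a shell or script host on this list hands the
# user a general-purpose prompt running in their own security context.
$shells = 'cmd.exe', 'powershell.exe', 'explorer.exe', 'wscript.exe', 'cscript.exe', 'mmc.exe'
$apps = Get-ChildItem -Path "$allowList\Applications" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $exe  = Get-RegValue $_.PSPath 'Path'
        $leaf = if ($exe) { Split-Path -Path $exe -Leaf } else { '' }
        [pscustomobject]@{
            Name    = $_.PSChildName
            Path    = $exe
            IsShell = $shells -contains $leaf   # -contains is case-insensitive
        }
    }
$apps | Format-Table -AutoSize
```

The script only reads the registry; a failed check or a published shell is a finding to review against what users actually need to launch.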