Penetration Testing mailing list archives
Re: Securing RDP - Is it possible?
From: Parity <pty.err () gmail com>
Date: Tue, 14 Apr 2009 02:55:02 -0700
The main problem with RDP is the fact that old RDP clients don't authenticate the RDP server, exposing the client to rogue server / man-in-the-middle attacks. Newer RDP clients attempt to authenticate the server. More info here:

http://blogs.msdn.com/rds/archive/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks.aspx

As far as I know, VNC doesn't provide any facility for clients to authenticate the servers they're connecting to. Assuming I'm not completely wrong about that, I'd say VNC sucks even worse than RDP.

pty

On Tue, Apr 14, 2009 at 1:27 AM, Chip Panarchy <forumanarchy () gmail com> wrote:
> Hello
>
> Is Secure RDP an impossibility?
>
> I am now working (WOOT) and they seem to use entirely RDP, almost no VNC...
>
> This, by my reckoning would make the network most insecure. Would you agree? Or is it possible to Secure RDP?
>
> Thanks in advance for sharing ideas on this matter,
>
> Panarchy

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
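Added example, not part of the original thread: a defender-side audit of saved .rdp connection files for what the client does when server authentication fails, which is the weakness the reply above describes. It assumes the `authentication level:i:N` setting and its value meanings from Microsoft's .rdp file documentation (not from this thread); the sample files and host name are constructed.

```python
import codecs

# Meaning of "authentication level:i:N" in a .rdp file (Microsoft's documented values).
LEVELS = {
    "0": ("fail", "connects without warning if server authentication fails"),
    "1": ("ok", "refuses to connect if server authentication fails"),
    "2": ("warn", "warns on failure, but the user can choose to connect"),
    "3": ("warn", "no authentication requirement specified"),
}
SEVERITY = {"ok": 0, "warn": 1, "fail": 2}


def decode_rdp(raw: bytes) -> str:
    """Saved .rdp files are often UTF-16 with a BOM; otherwise treat as UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def audit_rdp(raw: bytes) -> tuple[str, str]:
    """Return (verdict, detail) for one file's server-authentication setting."""
    findings = []
    for line in decode_rdp(raw).splitlines():
        name, _, rest = line.strip().partition(":")
        if name.strip().lower() != "authentication level":
            continue
        kind, _, value = rest.partition(":")
        known = LEVELS.get(value.strip()) if kind.strip().lower() == "i" else None
        findings.append(known or ("fail", f"unrecognised setting {line.strip()!r}"))
    if not findings:
        return ("warn", "setting absent, so the client's default applies")
    # This example's own policy: if the key is repeated, report the weakest entry.
    return max(findings, key=lambda f: SEVERITY[f[0]])


# Constructed sample files (the host name is a placeholder).
SAMPLES = {
    "strict.rdp": b"full address:s:ts01.example.test\r\nauthentication level:i:1\r\n",
    "silent.rdp": "full address:s:ts01.example.test\r\nauthentication level:i:0\r\n".encode("utf-16"),
    "unset.rdp": b"full address:s:ts01.example.test\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, detail = audit_rdp(raw)
        print(f"{name:12} {verdict:5} {detail}")
```
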
Current thread:
- Securing RDP - Is it possible? Chip Panarchy (Apr 14)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 15)
- Message not available
- Re: Securing RDP - Is it possible? David Glosser (Apr 15)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 16)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 14)
- Re: Securing RDP - Is it possible? Adriel T. Desautels (Apr 14)
- Re: Securing RDP - Is it possible? David Glosser (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 15)
- RE: Securing RDP - Is it possible? Lay, James (Apr 14)
- RE: Securing RDP - Is it possible? Harris, Michael C. (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Mark Owen (Apr 14)
- <Possible follow-ups>
- Securing RDP - Is it possible? christopher . riley (Apr 14)