Home page logo
/

basics logo Security Basics mailing list archives

Re: Remote Web Workplace security
From: "Paul Halliday" <paul.halliday () gmail com>
Date: Thu, 9 Mar 2006 07:41:55 -0400

My reasoning is that the semantics of the connection method are not as
important as the trust relationship between the connecting host and
the workplace. The pipe to your workplace (regardless of the method
that you use to secure it) is not the weakest link; the connecting
party is. From a due diligence perspective it only makes sense to use
a VPN to connect to your workplace. However, this does not eliminate
the more common threat, which would be a compromised host establishing
the connection.

If I rolled something like this out, my last concern would be someone
trying to attack the tunnel itself; this is why we have IDS/IPS. But
if someone makes off with the credentials of the connecting party, or
if the connecting party is no longer in control of their machine, we
have no way to detect or prevent it. Unless you can insure a trust
relationship between the VPN and all machines that will ever connect
to it, worrying about the details of the connection method are the
least of your worries.

On 3/7/06, ROB DIXON <RDIXON () workforcewv org> wrote:
Hi David,

Without of course illustrating an attack, could you explain your comment regarding "I would fire a keylogger onto 
your machine far quicker
than attempting to MITM your rdp session."?
In other words, which connection method are you stating is more vulnerable to which attack?

Thanks



Robert L. Dixon,  CSO
CHFI A+
State of West Virginia's
West Virginia Office of Techonology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225
Email:rdixon () workforcewv org
"Paul Halliday" <paul.halliday () gmail com>  >>>
On 3 Mar 2006 02:09:31 -0000, davidj () comparto com au
<davidj () comparto com au> wrote:

My fellow Sys Admin has been pushing the 'Remote Web Workplace' as the remote connection option to our clients. 
Where I prefer the Remote Desktop through VPN whenever possible.







I understand the straight Remote Desktop has RC4 security which is rather weak. I dont believe this has been 
improved when using the 'Remote Web Workplace' method? Any I wrong?

I want to make it policy that Remote Desktop connections via a VPN must always be used before the 'Remote Web 
Workplace', whenever possible.
Am I being paranoid?

Yes you are. I would fire a keylogger onto your machine far quicker
than attempting to MITM your rdp session.


Thanks

Dave J

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault