Penetration Testing: MS Terminal Services open to the world

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

MS Terminal Services open to the world

From: "Ralph Los" <RLos () enteredge com>
Date: Fri, 10 Jan 2003 10:09:28 -0500

Hello all,

        I've got a pretty good client of mine who absolutely refuses to heed
my warnings about keeping Terminal Services open to the world.  They rely on
Windows passwords and figure that's strong enough for all their servers
(management).  Now I'm given the task of auditing their
security/infrastructure and would like to come up some creative ways to back
up my point about MS TS open to the Internet being a bad idea.

Any thoughts or input is appreciated.

Ralph


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

By Date By Thread

Current thread:

MS Terminal Services open to the world Ralph Los (Jan 10)
- Re: MS Terminal Services open to the world Don Voss (Jan 11)
- AW: MS Terminal Services open to the world Dominick Baier (Jan 12)
  - Re: AW: MS Terminal Services open to the world John the Kiwi (Jan 17)
- RE: MS Terminal Services open to the world Curt Purdy (Jan 12)
- <Possible follow-ups>
- RE: MS Terminal Services open to the world Puterbaugh, Mike (Jan 11)