|
Penetration Testing
mailing list archives
RE: MS Terminal Services open to the world
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 11 Apr 2002 08:35:11 -0500
Actually we prefer TS to VNC with unencrypted passwords and PC-Anywhere that
broadcasts it's existance on the Internet.
Curt Purdy CISSP, MCSE+I, CNE, CCDA
Senior Systems Engineer
Information Security Engineer
DP Solutions
----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
-----Original Message-----
From: Ralph Los [mailto:RLos () enteredge com]
Sent: Friday, January 10, 2003 9:09 AM
To: 'Pen-test () securityfocus com'
Subject: MS Terminal Services open to the world
Sensitivity: Confidential
Hello all,
I've got a pretty good client of mine who absolutely refuses to heed
my warnings about keeping Terminal Services open to the world. They rely on
Windows passwords and figure that's strong enough for all their servers
(management). Now I'm given the task of auditing their
security/infrastructure and would like to come up some creative ways to back
up my point about MS TS open to the Internet being a bad idea.
Any thoughts or input is appreciated.
Ralph
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
Intro
