Security Basics mailing list archives

RE: Terminal Services over VPN


From: "Filip Maertens" <fmt () ascure com>
Date: Fri, 15 Aug 2003 10:51:31 +0200

Hi David,


Encryption is a component of Remote Desktop Protocol (RDP), which is in
turn based on the ITU T.120 protocol. However much one would tend to think
that "there is encryption, so it's fine", he or she should refrain from
opening RDP to the untrusted world out there. The RC4 stream cipher
(56/128 bit) is used in the encryption of data leaving and entering your
TS session, which isn't exactly the safest protocol known, and incidents
of weak "pseudo random" generated keys have been reported. Taking
"MS02-051" into consideration, indicating a flawed first implementation of
the cipher algorithm, and using even a basic defense-in-depth philosophy
mindset, I would strongly recommend using VPN as an additional
encryption layer to your TS sessions.


Kind regards,

Filip

-----Original message-----
From: David Y. Ng [mailto:dng () cmhsweb org]
Sent: Thursday 14 August 2003 21:43
To: security-basics () securityfocus com
Subject: Terminal Services over VPN

Has anyone used Terminal Services over Microsoft's VPN
server? I need to run some program off the server and when I
used just the VPN, it was terribly slow. The solution on paper
is to run the program off Terminal Services and just let it
pass through the VPN which could be faster, supposedly.

Any experiences with this? Is Terminal Services in itself
secure? I read there's some form of encryption also but
is it comparable to VPN in a way?

