
Penetration Testing mailing list archives
RE: Securing RDP - Is it possible?
From: "Harris, Michael C." <HarrisMC () health missouri edu>
Date: Tue, 14 Apr 2009 11:44:19 -0500
Also using the 2008 terminal service gateway options provide a single point of entry that can be more proactively controlled and integrated with ISA. http://technet.microsoft.com/en-us/library/cc731264.aspx http://blogs.technet.com/askperf/archive/2008/02/26/ws2008-terminal-serv ices-gateway-overview.aspx http://whitepapers.techrepublic.com.com/abstract.aspx?docid=299519 See also ISA & MS TS gateway details http://technet.microsoft.com/en-us/magazine/2008.09.tsg.aspx -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Glosser Sent: Tuesday, April 14, 2009 5:38 AM To: Chip Panarchy Cc: pen-test () securityfocus com Subject: Re: Securing RDP - Is it possible? You can configure better authentication and encryption with RDP (for example, http://technet.microsoft.com/en-us/library/cc782610.aspx, http://support.microsoft.com/kb/275727) Also change the RDP listening port to something non-standard. That won't prevent someone finding the port but should make it a little harder to find. On Tue, Apr 14, 2009 at 4:27 AM, Chip Panarchy <forumanarchy () gmail com> wrote:
Hello Is Secure RDP an impossibility? I am now working (WOOT) and they seem to use entirely RDP, almost no
VNC...
This, by my reckoning would make the network most insecure. Would you agree? Or is it possible to Secure RDP? Thanks in advance for sharing ideas on this matter, Panarchy ----------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- RE: Securing RDP - Is it possible?, (continued)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 15)
- Message not available
- Re: Securing RDP - Is it possible? David Glosser (Apr 15)
- RE: Securing RDP - Is it possible? Craig S. Wright (Apr 16)
- RE: Securing RDP - Is it possible? Leung, Kevin King Ting (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 14)
- Re: Securing RDP - Is it possible? Adriel T. Desautels (Apr 14)
- Re: Securing RDP - Is it possible? David Glosser (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Parity (Apr 15)
- RE: Securing RDP - Is it possible? Lay, James (Apr 14)
- RE: Securing RDP - Is it possible? Harris, Michael C. (Apr 14)
- RE: Securing RDP - Is it possible? Ben Little (Apr 14)
- Re: Securing RDP - Is it possible? Mark Owen (Apr 14)
- Securing RDP - Is it possible? christopher . riley (Apr 14)