From: Puterbaugh, Mike (Mike.Puterbaugh@53.com)
Date: Fri Jan 10 2003 - 12:56:23 EST
Terminal Services Security
Running Terminal Services may expose your domain to significant security
risks if appropriate precautions are not taken before and during the
Terminal Server deployment. The book "Hacking Exposed Windows 2000: Network
Security and Solutions", by Joel Scambray and Stuart McClure, provides
excellent coverage of Terminal Services security in Chapter 12. After all
maintenance and hotfixes are applied to your Terminal Server, be sure to
install and configure the following two utilities, available in the Windows
2000 Server Resource Kit.
TsVer.exe Version Limiter is a GUI-based tool that allows you to set whether
the Terminal Services Client supports version checking. This allows you to
limit access. Terminal Services Version Monitor (TsVer) is an
administrative tool for enforcing policies with respect to WinStation client
build numbers. This tool consists of two components, a wizard for editing
policies, enabling, and disabling version checking, as well as a dynamic
link library for enforcing policies. TsVer provides a way for you to
exercise control over which WinStation clients can connect to your servers.
Version Limiter features include:
explicit control over which client builds are permitted on your server.
easily enabled or disabled.
option for sending customized messages to rejected clients.
all failed logon attempts recorded to Windows event log with IP address and
computer name.
AppSec.exe The Application Security tool is a GUI-based application that
allows an administrator in a multi-user environment to restrict the access
of ordinary users to a predefined set of applications on the network.
Enabling application security using this tool will cause the system to
reject any attempts by ordinary users to execute a program that they are not
authorized to use.
-----Original Message-----
From: Ralph Los [mailto:RLos@enteredge.com]
Sent: Friday, January 10, 2003 10:09 AM
To: 'Pen-test@securityfocus.com'
Subject: MS Terminal Services open to the world
Sensitivity: Confidential
Hello all,
I've got a pretty good client of mine who absolutely refuses to heed
my warnings about keeping Terminal Services open to the world. They rely on
Windows passwords and figure that's strong enough for all their servers
(management). Now I'm given the task of auditing their
security/infrastructure and would like to come up some creative ways to back
up my point about MS TS open to the Internet being a bad idea.
Any thoughts or input is appreciated.
Ralph
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT