Re: TS/3389 risk on Internet

From: Adam Jones (ajones1@gmail.com)
Date: Thu Oct 28 2004 - 14:32:13 EDT


I see no reason to allow unrestricted access to a DC. IMO the only
servers that should be completely publicly exposed are Web servers and
any other systems that serve as a face to the masses.

Your perimeter firewall should be blocking most traffic to a DC from
the net. If you need TS on the DC that much, it does not take much to
allow connections from a specific IP address. If his address is
dynamic, look into a VPN.

A quick search of microsoft.com/technet yielded that Terminal Services
does in fact perform logon encryption, and is capable of encrypting
all data at various levels.
http://www.microsoft.com/technet/prodtechnol/win2kts/evaluate/featfunc/w2ktsrg.mspx#ECAA

I didn't look enough to get the encryption types available, but I'm
confident that the newer versions of TS are more than capable in that
respect.

-Adam


