Re: TS/3389 risk on Internet

From: Neale Green (neale.green@neale.org)
Date: Mon Nov 01 2004 - 23:06:30 EST


A good many claims are made in regard to how solid and secure the Microsoft
protocols are, but it has been proven numerous times that undocumented
"hooks" and associations have been added to make life "easier" by bypassing
the restrictions that are supposedly in place to ensure that they are, in
fact, secure.

My last position was working in network and network perimeter security for
one of the "Big Three" Computer Services Suppliers, and I would NEVER allow
3389 traffic over a Network perimeter, especially from the Internet (I'm
not too happy about any generic logons from the internet, but the only
Terminal Server traffic I allowed was encrypted Citrix Terminal Server
traffic; at least we can independently confirm what you can access with
Citrix traffic).

FWIW

Neale Green

----- Original Message -----
>> I have a peer that insists on allowing public access to his Domain
>> controller via TS/tcp 3389 over the internet. I know there are some
>> documented cases of 'man-in-the-middle' attacks for this service but I
>> was hoping someone here could help me plead my case as to why this is a bad
>> idea. Maybe you all disagree and regularly allow this traffic. It just
>> doesn't sit well with me. Does anyone know if the login/password is sent
>> in clear text for TS authentication?
>>
>> Thanks in advance for any thoughts,
>> Nicole



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:08 EDT