RE: TS/3389 risk on Internet

From: Todd Towles (toddtowles@brookshires.com)
Date: Tue Nov 02 2004 - 14:18:49 EST


I agree with everyone that thinks having exposed TS on the internet
isn't worth it. It looks like a very bad security move. It is
information leakage having services exposed like that...plus man in the
middle...brute force will happen...for a company, you have to reduce the
number of systems exposed to the internet and the roles of those systems.
Put a webserver on the outside...and it doesn't do anything but serve
pages.

> -----Original Message-----
> From: Davide Carnevali [mailto:davide@protechta.it]
> Sent: Friday, October 29, 2004 2:56 AM
> To: net sec
> Cc: pen-test@securityfocus.com
> Subject: Re: TS/3389 risk on Internet
>
> IMHO it is not a problem related to clear text or encrypted
> authentication.
> TS is a very powerful yet dangerous service...it gives you
> total control over the machine...
> Username/Password is a weak authentication method ...I could "guess"
> them or I can "ask" for them through social engineering .....
> At least you should implement a strong authentication method
> such as OTP.
>
> And what about new vulnerability in TS that will be
> discovered tomorrow?
> ... better to use TS over a VPN using digital certificates...
>
> Annibal!
>
> net sec wrote:
> > I have a peer that insists on allowing public access to his Domain
> > controller via TS/tcp 3389 over the internet. I know there are some
> > documented cases of 'man-in-the-middle' attacks for this service but I
> > was hoping someone here could help me plead my case as to why this is
> > a bad idea. Maybe you all disagree and regularly allow this traffic.
> > It just doesn't sit well with me. Does anyone know if the
> > login/password is sent in clear text for TS authentication?
> >
> > Thanks in advance for any thoughts,
> > Nicole
> >
>
> --
> Davide Carnevali
> Chief Technical Officer
> Protechta - Information Security
> CCNA, CCSP, OPST
> Tel. +39 0521 2021
> Fax. +39 0521 207461
> http://www.protechta.it/
> e-mail: davide@protechta.it
>
>


