Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Remote connections

from [Langston, Fred] Network Security [Permanent Link]
Subject: RE: Remote connections
Date: Thu, 14 Oct 2004 12:01:22 -0400 
Maybe this was earlier in the thread, but is everyone aware that RDP can be
(weakly) encrypted:

When RDP has encryption enabled, packets are first encrypted using RC4,
then an 8 byte HMAC checksum of the plaintext is prepended to the
cyphertext.  The encryption key for RC4 is refreshed every 4096 packets,
but the HMAC key is apparently not changed during the session. 

Fred Langston, CISSP
Principal Consultant
VeriSign, Inc.  Global Security Consulting
M: 425.765.3330 O: 206.903.8147 x223


-----Original Message-----
From: nat [mailto:nat@nuqe.net] 
Sent: Wednesday, October 13, 2004 12:34 PM
To: Paul Aviles; focus-ms@securityfocus.com
Subject: Re: Remote connections


earlier Paul Aviles wrote:


Has anyone implemented Microsoft Remote Desktop in a secure and
efficient way? Is there a way to overcome having the host computer
logoff the current active user? Without that this program is pretty 
much
useless.


I tunnel RDP connections via SSH to secure, works well here.

I think the local user is only logged off if you are using terminal 
services
on Windows XP, I have never seen this happen when administering
Windows 2000 Servers.

Regards,

Nat,
-- 
http://photos.nuqe.net



---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Remote connections, nat
Next by Date:  Re: Remote connections, Ansgar -59cobalt- Wiechers
Previous by Thread:  RE: Remote connections, Jim Harrison (ISA)
Next by Thread:  Re: Re: Remote connections, Laura Robinson
Indexes:  [Date] [Thread] [Top] [All Lists]