Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Remote connections

from [GuidoZ] Network Security [Permanent Link]
Subject: Re: Remote connections
Date: Thu, 14 Oct 2004 23:54:37 -0700 
Why not? I don't know of any current exploit for RDP set to high
encryption, and even if there were any, connections may very well be
shielded by encrypted tunnels.


I'm not aware of any currently either, but as their track record
proves, that's meaningless. It was more of a retorical question and a
snide remark - please excuse it.


RDP can be tunneled thru SSH as well and has much better performance
than VNC (don't know about Radmin).


This may very well be true. I'm not up to par as much as I'd like on
RDP, although I'm quite well learned on VNC and such. TightVNC has
some of the best compression I've ever seen on a remote control app,
aside from some of the trojans out there. I've used TightVNC through
Dial-up many a times without delay or a problem. I'd love to see RDP
perform the same feat.

But I digress. Again, I very well could be wrong about RDP. I've
always leaned towards other remote control programs due to problems
that usually arises with proprietary programs. (I've been using a form
of WinVNC since before RDP was even thought of.) I'm biased - I'll
admit it. No harm in suggesting an alternative and letting the user
decide.


Regards
Ansgar Wiechers


Thanks for the intelligent reply, as usual. =) Take care.

--
Peace. ~G


On Thu, 14 Oct 2004 17:43:41 +0200, Ansgar -59cobalt- Wiechers
<bugtraq@planetcobalt.net> wrote:

On 2004-10-13 GuidoZ wrote:

Can the terms "Microsoft Remote Desktop" and "Secure" even be used in
the same discussion? =)


Why not? I don't know of any current exploit for RDP set to high
encryption, and even if there were any, connections may very well be
shielded by encrypted tunnels.


The only way I could see applying any form of security is to do it
under the protection of a VPN. As for not having the active user
logged off, I don't have an answer for that.

Personally, I'd recommend one of the many other remote desktop tools
out there. WinVNC and Radmin both come to midn quickly. (WinVNC can be
done through SSH. Though I'm not positive, I believe you can encrypt
Radmin sessions as well.) Google both for more info.


RDP can be tunneled thru SSH as well and has much better performance
than VNC (don't know about Radmin).

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: Restricting account to a computer only, Laura Robinson
Next by Date:  Re: Remote connections, Joshua Dale
Previous by Thread:  Re: Remote connections, Ansgar -59cobalt- Wiechers
Next by Thread:  Re: Remote connections, Matt Ostiguy
Indexes:  [Date] [Thread] [Top] [All Lists]