Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Under the hood question about Remote Desktop Connection

from [Wayne S. Anderson] Network Security [Permanent Link]
Subject: RE: Under the hood question about Remote Desktop Connection
Date: Fri, 25 Jan 2008 08:04:59 -0700 
By default, there are three settings in a non-FIPS, non-TLS environment:
Low, High, and Client Compatible.  Low is encrypted with 56-bit RC4, High is
encrypted with 128-bit RC4 (or TLS if configured).  Client compatible
selects the highest supported level of encryption between the two. Just so
you know, by default you are usually using 128 bit RC4 in a homogenous
Windows XP / Server 2003 environment.  With RDP 5.2 and later (XP, Server
2003, Vista, Server 2008), you can set the encryption to use TLS 1.0 with
certificates.  This should solve any concern about key exchange by ensuring
your local infrastructure adopts an accepted standard.

There are other solutions, of course, including implementing IPSec so that
administrators are running RDP and other sensitive sessions over IPSec
channels, thereby circumventing the issue of RDP encryption integrity
completely but for obvious reasons, the performance and maintainability is
going to be significantly in favor of simply using TLS if this is really a
concern.

Windows Server 2003
Client-Based Encryption Config: 
http://technet2.microsoft.com/windowsserver/en/library/cdfe9f76-fb54-46fe-84
c0-7cf637dc65be1033.mspx?mfr=true  
Server-Based Encryption Config:
http://technet2.microsoft.com/windowsserver/en/library/a92d8eb9-f53d-4e86-ac
9b-29fd6146977b1033.mspx?mfr=true  
http://technet2.microsoft.com/windowsserver/en/library/8be5bfb5-b652-49aa-8a
c4-f6c2b01f35101033.mspx?mfr=true   

Windows Server 2008
Server-Based Encryption Config:
http://technet2.microsoft.com/windowsserver2008/en/library/9a86af81-c87e-41f
2-bdec-b154d896a8821033.mspx?mfr=true  

There is one other thing that I think you may want to pay attention to,
there are some things in any RDP session which are, by default, not
encrypted.  For XP or 2003 based sessions, there is a KB article which
reviews these elements: http://support.microsoft.com/kb/275727 

This documentation is not yet fully available for RDP 6.0 which is used in
Vista and Windows Server 2008.


-W

Wayne S. Anderson
http://www.linkedin.com/in/wayneanderson

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Wozny, Scott
Sent: Thursday, January 24, 2008 12:20 PM
To: focus-ms@securityfocus.com
Subject: Under the hood question about Remote Desktop Connection

Doing some poking around in the list archives and some sites on the net, I
see how one can require remote connections to use 128-bit RC4 encryption. 
Setting aside the debate on whether or not this algorithm qualifies as
secure or insecure, this is a symmetric algorithm.  As sending the key in
the clear would be a major faux pas, does anyone know what mechanism this
app uses to do secure key exchange?  Does it just ?borrow? a browser cert to
do a DH exchange?
 
Any insights would be appreciated.
 
Thanks,
 
Scott
 
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Under the hood question about Remote Desktop Connection, JÃrgen Hovelsen
Next by Date:  RE: Under the hood question about Remote Desktop Connection, Miha Pihler
Previous by Thread:  Re: Under the hood question about Remote Desktop Connection, JÃrgen Hovelsen
Next by Thread:  RE: Under the hood question about Remote Desktop Connection, Miha Pihler
Indexes:  [Date] [Thread] [Top] [All Lists]