IMHO it is not a problem related to clear text or encrypted authentication.
TS is a very powerful yet dangerous service...it gives you total control
over the machine...
Username/Password is a weak authentication method ...i could "guess"
them or i can "ask" for them through social engineering .....
At leat you should implement a strong authentication method such as OTP.
And what about new vulnerability in TS that will be discovered tomorrow?
... better to use TS over a VPN using digital certificates...
Annibal!
net sec wrote:
I have a peer that insists on allowing public access to his Domain
controller via TS/tcp 3389 over the internet. I know there are some
documented cases of 'man-in-the-middle' attacks for this service but I
was hoping someone here could help me plead my case as to why this is a
bad idea. Maybe you all disagree and regurlary allow this traffic. It
just doesn't sit well with me. Does anyone know if the login/password
is sent in clear text for TS authentication?
Thanks in advance for any thoughts,
Nicole
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how
to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat
When business losses are measured in seconds, Internet threats must be
stopped before they impact your network. To learn how Internet Security
Systems keeps organizations ahead of the threat with preemptive
intrusion prevention, download the new whitepaper, Defining the Rules of
Preemptive Protection, and end your reliance on reactive security
technology.
http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------
--
-----------------------------------------------------------------------
Davide Carnevali
Chief Technical Officer
Protechta - Information Security
CCNA, CCSP, OPST
Tel. +39 0521 2021
Fax. +39 0521 207461
http://www.protechta.it/
e-mail: davide@protechta.it
-----------------------------------------------------------------------
-----------------------------------------------------------------------------
Chi riceve il presente messaggio e` tenuto a verificare se lo stesso
non gli sia pervenuto per errore. In tal caso e` pregato di avvisare
immediatamente il mittente e, tenuto conto delle responsabilita`
connesse all'indebito utilizzo e/o divulgazione del messaggio e/o
delle informazioni in esso contenute, voglia cancellare l'originale
e distruggere le varie copie o stampe.
The receiver of this message is required to check if he/she has
received it erroneously. If so, the receiver is requested to
immediately inform the sender and - in consideration of the
responsibilities arising from undue use and/or disclosure of the
message and/or the information contained therein - destroy the
original message and any copy or printout thereof.
-----------------------------------------------------------------------------
