Security Basics mailing list archives
Re: Rdp over ssl
From: Greg Rubin <grrubin () gmail com>
Date: Mon, 16 Apr 2012 07:51:51 -0700
Actually, there is sometimes a way for people to review and validate self-signed certificates. If you can provide the user the certificate's thumbprint/hash and trust the user to validate it (a very high difficulty in implementation and use) then the user can trust the certificate's authenticity. That said, there is usually a better way of doing this. Greg On Apr 16, 2012, at 7:43 AM, Thugzclub Thugzclub <thugzclub () googlemail com> wrote:
using self signed certificate does not provide any authentication guarantees to the user that is connecting to the system. Reason being that the user has not strong way of validating that the contents of the certificates have not been changed or generated by another user. Consequently they have not assurance of the identity of the system that they are connecting to...The same applies even if they are reviewing the contents of the certificate... It should only be advised in low risk environment such as a local/intranet environment. Its not advisable for external systems. On 13 April 2012 12:47, _ <packetnull () gmail com> wrote:and to add your goal on setting up a * ssl (from my understanding looks like you want a wildcard ssl) is a bad idea as well because it defeats the purpose of validating that a specific cert is owned by a specific server On Apr 9, 2012, at 9:11 PM, Stephanus J Alex Taidri <securityfocus.ae () taidri com> wrote:Hi Robert, The problem with self-signed-certificate is you really need to educate the users and ensure they always check for the certificate issuer, expiry, other parameters, etc before accepting the sessions. As we know... most users don't bother and just click Accept. That's mean, if the hijacker using MITM attack able to intercept your traffic (which is easy if this is traverse the internet) and present their own self-signed-certificate, most users do not aware and will still Accept the connection, thus being hijacked. Therefore it's imperative to implement a valid certificate either for public CA or private CA as long as the chain can be validate back and user's browser able to validate the authenticity of the certificate. Kind regards, SJ Alex Taidri On Fri, Apr 6, 2012 at 7:21 AM, Robert Smith <robert.smith2929 () gmail com> wrote:Hello all, I would like to know what are all security risk if i set rdp over ssl with a selfsigned certificat . One example, is it possible that the certificate become corrupted ? What are the impacts ? DoEs exists some recovery solution ? Man in the middle , is it yet possible ? My principal problem is to deploy a certificate signed by our ca on all our servers ? À certificate with * character resolve my problem ? ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Rdp over ssl Robert Smith (Apr 09)
- Re: Rdp over ssl Stephanus J Alex Taidri (Apr 10)
- Re: Rdp over ssl _ (Apr 15)
- Re: Rdp over ssl Thugzclub Thugzclub (Apr 16)
- Re: Rdp over ssl Greg Rubin (Apr 16)
- Re: Rdp over ssl riftman (Apr 16)
- Re: Rdp over ssl _ (Apr 15)
- Re: Rdp over ssl Stephanus J Alex Taidri (Apr 10)