Educause Security Discussion mailing list archives
Re: iPad and access to university ERP
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Thu, 22 Jul 2010 10:25:16 -0400
To take this discussion down a different road .. our findings are that the weak point of this process is the passwords that people use to secure their RDP sessions.

Right now, there are 12 IPs scanning our campus looking for RDP sessions to launch a brute force attack against. We recommend at least 15 character passwords (usual caveats, upper, lower, numbers, no dictionary words, etc.) I wouldn't worry so much about someone sniffing the pages flying thru the air .. I would worry more about them planting a key logger on the base machine :-)

My 2 cents.

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

--On Thursday, July 22, 2010 8:08 AM -0600 "SCHALIP, MICHAEL" <mschalip () CNM EDU> wrote:

My point is that this kind of connection isn't persistent. Realistically - someone would have to be sniffing the traffic - discover the session - attempt to "brute force" it - and hope to get something meaningful from the session. Yeah - sometimes "good enough" is just that.....(just my take....)

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Wednesday, July 21, 2010 9:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPad and access to university ERP

On Wed, 21 Jul 2010 16:45:27 MDT, "SCHALIP, MICHAEL" said:
But.....given that the session *is* encrypted - and not persistent - wouldn't *any* kind of encryption be serviceable for something like this?

*any* kind? Given today's CPU speeds, 40 bit encryption is essentially rot-13. Brute-force test all 1,099,511,627,776 keys in a few minutes. If you have a botnet of more than a few hundred machines, it will take more compute power to distribute the job than it will to break the keys. Still think "*any*" is good enough? :)
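Joel's observation about IPs scanning the campus for RDP sessions to brute force points at the detection a defender would want: flag source addresses that rack up many failed RemoteInteractive logons in a short window. The following is an added example, not code from the list thread or from Columbia; the one-line-per-event log layout, the sample addresses, the five-failures-per-minute threshold and the username list are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified one-line-per-event layout (not a real export).
# Event ID 4625 = failed logon; Logon Type 10 = RemoteInteractive, i.e. RDP.
SAMPLE_LOG = """\
2010-07-22T09:00:01 EventID=4625 LogonType=10 User=administrator Src=203.0.113.7
2010-07-22T09:00:03 EventID=4625 LogonType=10 User=admin Src=203.0.113.7
2010-07-22T09:00:04 EventID=4625 LogonType=10 User=root Src=203.0.113.7
2010-07-22T09:00:06 EventID=4625 LogonType=10 User=guest Src=203.0.113.7
2010-07-22T09:00:07 EventID=4625 LogonType=10 User=test Src=203.0.113.7
2010-07-22T09:00:09 EventID=4625 LogonType=10 User=jsmith Src=198.51.100.4
2010-07-22T09:00:12 EventID=4624 LogonType=10 User=jsmith Src=198.51.100.4
2010-07-22T09:02:00 EventID=4625 LogonType=3 User=svc_backup Src=192.0.2.9
2010-07-22T09:02:01 EventID=4625 LogonType=3 User=svc_backup Src=192.0.2.9
2010-07-22T09:02:02 EventID=4625 LogonType=3 User=svc_backup Src=192.0.2.9
2010-07-22T09:02:03 EventID=4625 LogonType=3 User=svc_backup Src=192.0.2.9
2010-07-22T09:02:04 EventID=4625 LogonType=3 User=svc_backup Src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)

def find_rdp_bruteforcers(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {src_ip: set(usernames)} for sources with at least `threshold`
    failed RDP logons (4625 + LogonType 10) inside a sliding `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, user) attempts still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["eid"] != "4625" or m["lt"] != "10":
            continue  # ignore successes and non-RDP failures (e.g. network logons)
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:
            q.popleft()  # expire attempts older than the window
        if len(q) >= threshold:
            flagged.setdefault(m["src"], set()).update(u for _, u in q)
    return flagged

if __name__ == "__main__":
    for src, users in find_rdp_bruteforcers(SAMPLE_LOG).items():
        print(f"{src}: {len(users)} usernames in one minute -> {sorted(users)}")
```

Only the source cycling through several account names within seconds is flagged; the single failed attempt and the non-RDP (LogonType 3) failures are not, which keeps the alert focused on the password-guessing pattern Joel describes.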