Re: MS Terminal Services open to the world

["Don Voss" <voss () albany edu>]

Ralph,

I am not sure if this is the "creative" method you were thinking of .. 
but facts, facts, and more facts would be my choice.

You have a broad area to cover. Do you convince them that none of their 
material should face the internet ?.. as in no firewall [ my assumption 
of no firewall .. . if the TS enabled servers are directly facing net.] 
Thus the exposed TS material is just one of the risks they are allowing.

or 

Do you show detailed recorded examples of TS exploitation ? 

Which leads me to .. is there documentation of TS material being 
exploited and how ? I do not know about that so I searched google a bit, 
jumped to securityfocus, searched their vulnerabilities database, under 
microsoft it showed 2 TSAC activeX issues .. which I am not qualified to 
comment on. links below.

Microsoft TSAC ActiveX Control 

http://online.securityfocus.com/bid/5952

http://online.securityfocus.com/bid/5554

At the link below, quick glance, there seems to be much info regarding 
terminal services functionality. 

http://www.ntsecurity.net/Articles/Index.cfm?TopicID=800

and so on.

Of course .. If you are skilled enough and can get the approval to try .. 
exploit it yourself. Setup a prove-able test .. get somewhere secure .. 
modify a agreed upon parameter / setting. How could they argue with that 
?

[ I do not know if or how to if it is possible. I am just offering 
logical "proof" options. ]

You may find the terminal services [ with version control, current 
patches, etc] ok. Then the facts do not support your warnings, right? 

Even so there seems to be enough evidence of other risks, almost to the 
point of common sense, not to have servers / services / clients exposed 
directly to the net. A inventory of what they have running facing the net 
and a list of exploits against those services/OS's/clients .. with some 
cost liability numbers should be sobering.

That said .. it may not sway them .. here at the university .. the only 
device , as far as I know, they have purchased is a packetteer used to 
throttle back the dorms from file sharing outboud congestion. Politics 
and money are a big part of these decisions. At least you can give them 
hard data to add to the mix.

regards,
/don



On 10 Jan 2003 at 10:09, Ralph Los wrote:

> Hello all,
>
>  I've got a pretty good client of mine who absolutely refuses to heed my
> warnings about keeping Terminal Services open to the world.  They rely on
> Windows passwords and figure that's strong enough for all their servers
> (management).  Now I'm given the task of auditing their
> security/infrastructure and would like to come up some creative ways to
> back up my point about MS TS open to the Internet being a bad idea.
>
> Any thoughts or input is appreciated.
>
> Ralph

_____________________________________________
Don Voss                                      voss () albany edu
Sr. Programmer Analyst
Geography & Planning Department
The University at Albany, SUNY
Albany, NY, 12222-0100

Jazz music: an intensified feeling of nonchalance.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/