Re: TS/3389 risk on Internet

[Davide Carnevali <davide () protechta it>]

IMHO it is not a problem related to clear text or encrypted authentication.
TS is a very powerful yet dangerous service...it gives you total control 
over the machine...
Username/Password is a weak authentication method ...i could "guess" 
them or i can "ask" for them through social engineering .....
At leat you should implement a strong authentication method such as OTP.

And what about new vulnerability in TS that will be discovered tomorrow?
... better to use TS over a VPN using digital certificates...

Annibal!

net sec wrote:
> I have a peer that insists on allowing public access to his Domain 
> controller via TS/tcp 3389 over the internet.  I know there are some 
> documented cases of 'man-in-the-middle' attacks for this service but I 
> was hoping someone here could help me plead my case as to why this is a 
> bad idea.  Maybe you all disagree and regurlary allow this traffic.  It 
> just doesn't sit well with me.  Does anyone know if the login/password 
> is sent in clear text for TS authentication?
>
> Thanks in advance for any thoughts,
> Nicole
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how 
> to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
>
> ------------------------------------------------------------------------------ 
>
> Internet Security Systems. - Keeping You Ahead of the Threat
>
> When business losses are measured in seconds, Internet threats must be 
> stopped before they impact your network. To learn how Internet Security 
> Systems keeps organizations ahead of the threat with preemptive 
> intrusion prevention, download the new whitepaper, Defining the Rules of 
> Preemptive Protection, and end your reliance on reactive security 
> technology.
> http://www.securityfocus.com/sponsor/ISS_pen-test_041001
> ------------------------------------------------------------------------------- 

--
-----------------------------------------------------------------------
Davide Carnevali
Chief Technical Officer
Protechta - Information Security
CCNA, CCSP, OPST
Tel. +39 0521 2021
Fax. +39 0521 207461
http://www.protechta.it/
e-mail: davide () protechta it
-----------------------------------------------------------------------

-----------------------------------------------------------------------------
Chi riceve il presente  messaggio e` tenuto a verificare se lo stesso 
non gli sia pervenuto per  errore.  In tal caso e` pregato di avvisare 
immediatamente il mittente  e,  tenuto  conto  delle  responsabilita` 
connesse  all'indebito utilizzo e/o  divulgazione  del  messaggio  e/o 
delle  informazioni  in esso contenute,  voglia  cancellare  l'originale 
 e distruggere  le varie copie  o stampe.

The receiver  of this message is required to check if  he/she has 
received it erroneously.  If  so,  the  receiver  is  requested to 
immediately inform the sender and - in consideration of the 
responsibilities  arising from undue use and/or disclosure of the 
message  and/or  the information contained therein - destroy the 
original message and any copy or printout thereof.
-----------------------------------------------------------------------------