Penetration Testing mailing list archives
RE: Remote Desktop/Term. Serv information leakage
From: "Ha, Jason" <JHa () verisign com au>
Date: Sat, 2 Jul 2005 16:23:15 +1000
Hey There,

Actually, you can transfer files directly using RD. >:)

If you edit the connection settings for your given connection, you'll notice a "Local Resources" tab. There, you can select "Disk Drives" which gives you the ability to have your hard drive mapped on the remote host. You can then freely transfer files between the two hosts. I wouldn't say it's so much of a bug as it is a "feature".

Part of the process assumes that you have some type of valid logon to the remote host. You can always restrict the level of user authorisation (preventing them from writing to the local drive, preventing them from reading certain directories and so forth).

I guess you can bolster additional security by not allowing "anyone" to connect to the remote host. You mention that it's on an isolated network which is not connected to the internet, so I assume it's just certain internal technical staff who can connect to the host? If so, you may be able to perform source IP restriction at the firewall/router/host level.

If you need something a bit meatier, perhaps use additional levels of authentication to ensure that it's not possible to password guess or brute force the host. Perhaps even apply an additional level of authentication at the firewall/router level before it allows the connection through to the host?

All of these solutions shouldn't be too costly.

Hope this helps.

Regards,

Jason Ha [CISSP, CCSE, JNCIS-FWV]
Senior Security Engineer, Security Operations Centre
VeriSign Asia Pacific

-----Original Message-----
From: kuffya () gmail com [mailto:kuffya () gmail com]
Sent: Saturday, July 02, 2005 12:42 AM
To: pen-test () securityfocus com
Subject: Remote Desktop/Term. Serv information leakage

Hi list,

One of our recent clients has a separate 'isolated' network where they keep sensitive material. This network is not connected to the internet, is not physically accessible and you can only connect to it using remote desktop.

They asked us to test if the isolated network was adequately protected. Here's what I discovered:

When you start a Rem Desktop session from the main network to the isolated one you can actually copy and paste stuff across...this is only true for text not for complete files, and seems to be by design.

What is more worrisome is that you can even copy across executables doing simple tricks such as

1) download an executable
2) change extension to .txt
3) copy (the text version) across to a notepad.
4) change it back to .exe

So literally we have a significant leakage over here, introducing threats to the isolated network.

I am posting this to ask your opinion on how this could be mitigated......I think that Remote Desktop is not possible to configure securely since it's not designed as such...and hence it transfers across anything it receives, be it mouse movements or copied & pasted text...

So I was trying to think what would be the best solution, without spending a fortune on a 'secure' commercial solution, that is. Maybe something like SSH tunneling then Rem. Desktop or VNC or what?

And do you think this 'bug' is something worth investigating any further? Is it something you people knew of?

Thanks a lot.
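An added example, not part of either post: the clipboard and drive-mapping channels discussed in this thread can be turned off on the host through Terminal Services policy, and the Python sketch below reads a registry export of that policy key and lists the redirection channels policy does not disable. The sample export is constructed, and the function names are this example's own.

```python
import re

# Terminal Services policy values (key: HKLM, SOFTWARE, Policies, Microsoft,
# Windows NT, Terminal Services) that switch off one redirection channel
# each on the host when set to 1.
CHANNELS = {
    "fDisableClip": "clipboard",
    "fDisableCdm": "drive mapping",
    "fDisableCpm": "printers",
    "fDisableCcm": "COM ports",
    "fDisableLPT": "LPT ports",
}

DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')


def parse_reg_dwords(reg_text):
    """Return {lowercased value name: int} for each dword line of a .reg export.

    Assumes the export has already been decoded to text.
    """
    values = {}
    for line in reg_text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group("name").lower()] = int(m.group("val"), 16)
    return values


def open_channels(reg_text):
    """List channels that policy does not disable (value absent or not 1)."""
    values = parse_reg_dwords(reg_text)
    return [label for name, label in CHANNELS.items()
            if values.get(name.lower()) != 1]


# Constructed sample: clipboard is blocked, drive mapping is explicitly
# allowed, and the other values are not configured.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fDisableClip"=dword:00000001
"fDisableCdm"=dword:00000000
'''

if __name__ == "__main__":
    for channel in open_channels(SAMPLE):
        print("not disabled by policy:", channel)
```

A value that is absent only means policy does not enforce it; the channel may still be disabled in the per-connection Terminal Services configuration on the host.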