From: Davide Carnevali (davide@protechta.it)
Date: Fri Oct 29 2004 - 03:56:13 EDT
IMHO it is not a problem related to clear text or encrypted authentication.
TS is a very powerful yet dangerous service... it gives you total control
over the machine...
Username/Password is a weak authentication method... I could "guess"
them or I can "ask" for them through social engineering...
At least you should implement a strong authentication method such as OTP.
And what about a new vulnerability in TS that will be discovered tomorrow?
... better to use TS over a VPN using digital certificates...
Annibal!
net sec wrote:
> I have a peer that insists on allowing public access to his Domain
> controller via TS/tcp 3389 over the internet. I know there are some
> documented cases of 'man-in-the-middle' attacks for this service but I
> was hoping someone here could help me plead my case as to why this is a
> bad idea. Maybe you all disagree and regularly allow this traffic. It
> just doesn't sit well with me. Does anyone know if the login/password
> is sent in clear text for TS authentication?
>
> Thanks in advance for any thoughts,
> Nicole
--
Davide Carnevali
Chief Technical Officer
Protechta - Information Security
CCNA, CCSP, OPST
Tel. +39 0521 2021
Fax. +39 0521 207461
http://www.protechta.it/
e-mail: davide@protechta.it
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:08 EDT