Re: Remote Desktop/Term. Serv information leakage

From: Joachim Schipper (j.schipper@math.uu.nl)
Date: Fri Jul 01 2005 - 11:55:38 EDT


On Fri, Jul 01, 2005 at 02:41:45PM -0000, kuffya@gmail.com wrote:
> Hi list,
> One of our recent clients has a separate 'isolated' network where they keep sensitive material. This network is not connected to the internet, is not physically accessible and you can only connect to it using remote desktop. They asked us to test if the isolated network was adequately protected.
> Here's what I discovered: When you start a Rem Desktop session from the main network to the isolated one you can actually copy and paste stuff across... this is only true for text, not for complete files, and seems to be by design. What is more worrisome is that you can even copy across executables doing simple tricks such as
> 1) download an executable
> 2) change extension to .txt
> 3) copy (the text version) across to a notepad
> 4) change it back to .exe
> So literally we have a significant leakage over here, introducing threats to the isolated network.
> I am posting this to ask your opinion on how this could be mitigated... I think that Remote Desktop is not possible to configure securely since it's not designed as such... and hence it transfers across anything it receives, be it mouse movements or copied & pasted text...
> So I was trying to think what would be the best solution, without spending a fortune on a 'secure' commercial solution, that is. Maybe something like SSH tunneling then Rem. Desktop or VNC or what?
> And do you think this 'bug' is something worth investigating any further? Is it something you people knew of?
>
> Thanks a lot.

Hi,

this is a well-known feature of most/many VNC systems (and RDesktop is
pretty much the same as a VNC system).

What are they trying to protect from? External hackers trying to gain
access to the data? Malicious employees (who do have legitimate access)?
Snooping attackers? People brute forcing their way in?

SSL can help against the last two problems (certificate-based
authentication is very difficult to brute-force!), but is worth nothing
against the second. And only a little against the first, because the
'secured' network really isn't much more secure than the computers used
to access it. And bouncing the attack is not beyond a sophisticated
attacker...

Being able to copy data to and from the systems is pretty much implied
in granting access. In the worst case, you can just 'copy' stuff by
typing (to) or even just memorizing (from). And yes, you can transfer
executables this way, many text processors allow entering arbitrary
character codes and hex editors aren't exactly uncommon.

If we are talking a high-security network, one should ask oneself if
users need the power to make stuff executable. Depending on your OS, it
should be possible to deny them this privilege. If you are going all
the way, deny them write privileges to anything - because text files
could, with some work, be filled with executable content and then made
executable.

                Joachim

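The channel the two posts describe, as an added example that is not part of the thread and not code from either poster. It models the RDP clipboard as a text-only channel (the `text_clipboard()` function below is an assumption: Notepad-style handling under the cp1252 code page, control characters dropped, CRLF normalised; real clipboard redirection differs in detail) and runs a constructed stand-in for an executable through it twice: once by the rename-to-.txt route of the original post, and once hex-encoded, the route Joachim's remark about character codes and hex editors points at. The sample bytes are constructed for the demo and are not a real binary.

```python
"""
Constructed demonstration of copying binary content over a text-only
clipboard, as discussed in the thread.  No RDP session is involved:
text_clipboard() is a stand-in (assumption) for the clipboard, and
SAMPLE_EXE is a constructed byte string, not a real executable.
"""
import base64
import binascii
import hashlib

# Constructed stand-in for an executable.  It deliberately contains NULs,
# other control bytes, high bytes and a CR/LF pair: the byte patterns a
# text channel is most likely to damage.
SAMPLE_EXE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"
    b"\xff\xff\r\n\x1a\x00PE\x00\x00"
)


def text_clipboard(payload: bytes) -> bytes:
    """Assumed model of a text-only clipboard.

    The bytes are interpreted as cp1252 text (undefined code points become
    U+FFFD), control characters other than tab/CR/LF are dropped, CRLF is
    normalised to LF, and the result is re-encoded (unencodable characters
    become '?').  Any of these steps alone is enough to corrupt a binary.
    """
    text = payload.decode("cp1252", errors="replace")
    kept = "".join(ch for ch in text if ch.isprintable() or ch in "\t\r\n")
    kept = kept.replace("\r\n", "\n")
    return kept.encode("cp1252", errors="replace")


def transfer_raw_rename(exe: bytes) -> bytes:
    """Steps 2-4 of the original post: rename to .txt, paste, rename back.

    Renaming changes nothing about the bytes; what the other side receives
    is whatever the text clipboard lets through.
    """
    return text_clipboard(exe)


def transfer_hex_encoded(exe: bytes) -> bytes:
    """Hex-encode before copying, decode after.

    Hex is pure [0-9a-f] ASCII, so a text channel carries it unchanged and
    the receiving side reconstructs the exact bytes.  This is the route a
    hex editor or a text editor that accepts character codes gives you.
    """
    wire = binascii.hexlify(exe)
    received = text_clipboard(wire)
    return binascii.unhexlify(received)


def transfer_base64_encoded(exe: bytes) -> bytes:
    """Same idea with base64: roughly 4/3 the size instead of 2x for hex."""
    wire = base64.b64encode(exe)
    received = text_clipboard(wire)
    return base64.b64decode(received)


def sha256(data: bytes) -> str:
    """Integrity check the receiving side would run before renaming to .exe."""
    return hashlib.sha256(data).hexdigest()


def demo() -> dict:
    """Run all three transfers and report which ones arrive intact."""
    raw = transfer_raw_rename(SAMPLE_EXE)
    hexed = transfer_hex_encoded(SAMPLE_EXE)
    b64 = transfer_base64_encoded(SAMPLE_EXE)
    return {
        "orig_len": len(SAMPLE_EXE),
        "raw_len": len(raw),
        "raw_intact": sha256(raw) == sha256(SAMPLE_EXE),
        "hex_intact": sha256(hexed) == sha256(SAMPLE_EXE),
        "base64_intact": sha256(b64) == sha256(SAMPLE_EXE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The raw route loses most of the sample (NULs and the 0x1A byte are dropped, 0x90 becomes '?', CRLF collapses), which is why "rename to .txt and paste" works only for binaries that happen to contain nothing a text editor rejects. The encoded routes arrive byte-for-byte, which is Joachim's point: once text can cross, anything can cross, and the only controls left are on what the receiving user is allowed to write and execute.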


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:30 EDT