Re: Remote Desktop/Term. Serv information leakage

From: Kyle Maxwell (krmaxwell@gmail.com)
Date: Fri Jul 01 2005 - 14:14:24 EDT


On 1 Jul 2005 14:41:45 -0000, kuffya@gmail.com <kuffya@gmail.com> wrote:
> Hi list,
> One of our recent clients has a seperate 'isolated' network where they keep sensitive material. This network is not connected to the internet, is not physically accessible and you can only connect to it using remote desktop. They asked us to test if the isolated network was adequately protected.

This doesn't really sound all that isolated to me. If you can connect
to it with RDP, then there's definitely reachability (the packets are
getting routed there, after all). It may be *firewalled* but this is
substantially different from *isolated*.

If the goal is to prevent information leakage, then there's not much
you can do if the client is determined to allow remote access.
Depending on the type of information being handled, there's going to
be tons of ways to 'leak' it out through just about any remote access
method. You might make it a little more difficult, but if the threat
you're facing is something greater than just casual leakage, any
remote access is going to present difficulties.

> And do you think this 'bug' is something investigating any further? Is it something you people knew of?

No, it's part of the design - ISTR that there was some sort of add-in
to Remote Desktop that would actually let you transfer the files
directly, but anyway MS's concept is to use file sharing for that.

-- 
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwell@gmail.com]


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:30 EDT