Re: Terminal Services Security using Remote Desktop Client

From: Cláudio Rodrigues (Claudio.Rodrigues_at_NOSPAM-Terminal-Services.NET)
Date: 08/28/04 

Date: Sat, 28 Aug 2004 17:15:47 -0400

Add to that if your machine is not patched and more than that, infected with
something, as soon as you VPN and become a node of your corporate network
you may start infecting everything there.
As it is very hard as of today to control what your users have at their own
homes, VPNs may be a huge problem for many companies.
Using TS, this problem does not exist. 

-- 
Cláudio Rodrigues
Microsoft MVP
Windows Technologies - Terminal Services
http://www.terminal-services.net
"Alex K. Angelopoulos [MVP]" <aka-at-mvps-dot-org> wrote in message 
news:ONjk9qIjEHA.2652@TK2MSFTNGP15.phx.gbl...
> Cláudio Rodrigues wrote:
>> Although there were some DoS available through the RDP protocol, after
>> years of experience deploying TS, I am still to see one single case
>> where a TS was hacked using the RDP protocol only.
>> The RDP encryption is enough for sure and more than that is needed if
>> your company is paranoic.
>> A VPN is way a bigger, huge risk these days than a terminal server.
>
> Since I generally agree with Cláudio, I'm piggybacking on his post. :)
>
> I tend to prefer using VPN/SSH, but the reasons for that have nothing to 
> do with specifics of TS security; it's simply because those connections 
> allow me to tunnel in remotely and access many different points on a LAN, 
> with only one external configured connection.
>
> This brings us around to the reason why a VPN might be a security risk. 
> The single most significant vulnerability that is exploited is not someone 
> decrypting your traffic: it's brute force attacks succeeding against 
> poorly selected passwords. In that scenario, you can argue that a VPN is 
> LESS secure simply because the attacker would have direct access to 
> anything on your LAN accessible from the VPN.
>
>

Relevant Pages

  • Re: Terminal Services Security using Remote Desktop Client
    ... Cláudio Rodrigues wrote: ... > where a TS was hacked using the RDP protocol only. ... This brings us around to the reason why a VPN might be a security risk. ... it's brute force attacks succeeding against poorly ...
    (microsoft.public.windows.terminal_services)
  • Re: E-mail routing over VPN
    ... I'm using SafeNet's SoftRemote VPN product. ... everything else goes down the direct pipe to the internet provider. ... internet frim infecting the corporate network through the VPN? ... Bear in mind that I'm a VPN user, not a network engineer ... ...
    (comp.dcom.vpn)
  • Re: 3rd time trying to get an answer to Term services problems through ISA
    ... Thanks Stefan. ... we do publish the rdp protocol at ... The thing is this is through a vpn, so if I can access terminal ... >> any server at work and it just keeps trying, ...
    (microsoft.public.isa.configuration)
  • Re: Is terminal server secure?
    ... >TS uses the RDP protocol and has 3 levels of encryption, ... >>Is terminal server secure in its own right? ... >>though you do not use VPN? ...
    (microsoft.public.win2000.security)