Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: SV: [ActiveDir] OT - Terminal Server Over Internet
Prev Next
You are not authorized to post a reply.

AuthorMessages
henrikpetterssonUser is Offline

Posts:3

11/09/2007 5:01 AM  
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}









Okey….haven’t the hole thread so sorry if
someone already post this information.

My opinion is to look after other solution before u
set up an ts over internet.

RDP has always been a security risk because the
rdp-protocol use an encryption with a private key which actually is a public
key…sounds a little bit fishy, I know J
The key can be found in every version of XP, 2003 and newer..it’s in the
file mstlsapi.dll (windows\system32). The result of this
is that u can decrypt the traffic in real time. U can read about it here: http://www.oxid.it/downloads/rdp-gbu.pdf

U can find a tool here which can handle attacks like
that here: http://www.oxid.it/



And earlier rdp had a big hole but think ms released
a patch for that….2005 or something.

Sure u can tunnel the traffic with SSL
or SSH2 but I wouldn’t recommend it.

So, if u have ignore everything I have written and still
want to use RDP over internet there is some things u can do.
Use RDP v6.0, much better
security and authentication
Use IPSec for RDP…..dont
use PPTP!!
Read this, a little
bit old but still useful http://thelazyadmin.com/index.php?/archives/204-Configure-RDP-over-SSL-with-SelfSSL.html
Read this: http://support.microsoft.com/default.aspx?scid=kb;en-us;895433


Ok……after
much word-pooping im done now….good luck J

//henrik



Från:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] För EIS Lists
Skickat: den 8 november 2007 04:47
Till: ActiveDir@mail.activedir.org
Ämne: [ActiveDir] OT - Terminal
Server Over Internet

Hello:

I want to set up a single machine as a Terminal Server in application
mode (Windows Server 2003). I want to use the TSWeb interface for users to
access this from the Internet. I have read several postings on the web that say
TS is natively encrypted and therefore secure. These postings have said that
only the passing of login credentials are open, and that using SSL can solve
that.

Is this reasonable? Can I simply open 3389 and 443 and point them to
the internal TS box? How secure is this?

Thanks.

-- nme
You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > SV: [ActiveDir] OT - Terminal Server Over Internet



ActiveForums 3.7
AdventNet Banner
Friends

Friends

Namescape
Members

Members

MembershipMembership:
Latest New UserLatest:kosciesza69
New TodayNew Today:3
New YesterdayNew Yesterday:1
User CountOverall:4319
People OnlinePeople Online:
VisitorsVisitors:73
MembersMembers:0
TotalTotal:73
Online NowOnline Now:

Ads

Copyright 2008 ActiveDir.org
Terms Of Use