Or if you have 2008 and above use TS Gateway.

-----Original Message-----
From: Ken Schaefer [mailto:[email protected]] 
Sent: Saturday, 10 October 2009 1:33 AM
To: NT System Admin Issues
Subject: RE: Wow

You can simply use TLS to mutually authenticate the client and server:
http://technet.microsoft.com/en-us/library/cc782610%28WS.10%29.aspx

Then your connection is as secure as your PKI (and Microsoft's crypto-API). Or 
you can use IPSec. 

Cheers
Ken

-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Friday, 9 October 2009 11:03 PM
To: NT System Admin Issues
Subject: Re: Wow

On Fri, Oct 9, 2009 at 9:39 AM, David Lum <[email protected]> wrote:
> I never realized how easily man-in-the-middle attacks were executed...
>
> http://isc.sans.org/diary.html?storyid=7303
> Specifically: http://isc.sans.org/diaryimages/rdp-mitm-mpg.html

  This is why I don't run RDP over the public Internet.  All RDP traffic is
carried over a crypto tunnel implemented by a third party that actually knows
what they're doing when it comes to security.  Microsoft's track record here
stinks.  And even if it didn't, I like the belt-and-suspenders approach of
running two different security implementations.  It takes two simultaneous
exploits to achieve penetration.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

