So it looks like the <name your assessment here> will be spawning a security assessment as well.
That's never happened before. Ever. From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Thursday, August 11, 2016 7:44 AM To: Exchange List <[email protected]> Subject: RE: [Exchange] Exchange CAS RDP open They are not, I was shocked that RDP was open without any pre-auth in place I have warned them about drive-by RDP crypto attacks. So it looks like the DR assessment will be spawning a security assessment as well. Jean-Paul Natola ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: Re: [Exchange] Exchange CAS RDP open Date: Thu, 11 Aug 2016 14:32:59 +0000 It seems like it's not just Exchange CAS that they are allowing external RDP to... Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Expert Technology Consulting Services for the SMB market... GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A [https://track.mixmax.com/api/track/v2/Mhrs9BZWWlpQo18qC/gIt92YuwWah12ZAVmbvpnYzFmI/i02bj5Sb1J3bmRXa51mLzR3cpxGQldmbhh2Y4VmI] On Thu, Aug 11, 2016 9:35 AM, J- P [email protected]<mailto:[email protected]> wrote: literally one number off, they said to RDP in use this IP (On a separate note that was my first clue things were amiss when the new admin said "we don't use names to connect in we use IP's') So let's say the RDP address was 67.250.48.168 , their mail server was one digit off i.e. 67.250.48.167 ________________________________ From: [email protected]<mailto:[email protected]> Date: Wed, 10 Aug 2016 21:01:16 -0400 Subject: Re: [Exchange] Exchange CAS RDP open To: [email protected]<mailto:[email protected]> I'm curious how you mistyped the connection info. Can you provide sanitized versions of what you entered into the RDP client? On Wed, Aug 10, 2016 at 8:29 PM, J- P <[email protected]<mailto:[email protected]>> wrote: its wide open via IP/URL , you can literally open rdp , type in the ip and connect ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: RE: [Exchange] Exchange CAS RDP open Date: Thu, 11 Aug 2016 00:13:24 +0000 Those are really 2 very different questions. I would absolutely have RDP open locally (i.e., in the datacenter). How else will you maintain the server in case of problems? Remotely - no. Likely not. Except for administrative access via VPNs that can access the servers in the datacenter. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of J- P Sent: Wednesday, August 10, 2016 7:33 PM To: Exchange List Subject: [Exchange] Exchange CAS RDP open Hi all, Despite having worked with Exchange since 2003 through 2013, I have always worked in single server Exchange deployments,. Recently I was at a site where I was tasked with reviewing the DR strategy. While doing the assessment I inadvertently RDP'd into the CAS server (typo in the ip), the question I have , is there ANY reason whatsoever RDP would be enabled on a CAS server, and even more to the point, any reason it should be open through the firewall??? TIA jp Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender with a copy to [email protected], delete this email and destroy all copies.
