On 6/10/2010 4:44 AM, Larry Seltzer wrote:
> All right, I guess you've got a point. I reflexively say VPN at times like
> this because the very few reported RDP attacks I've seen have been MITM
> attacks of the sort that VPNs effectively block. But a client
> certificate/TLS implementation accomplishes the same thing and all you have
> to open is the RDP port.

MS Terminal Services Gateway can be set up to require client cert authentication and comes in over SSL/TLS over port 443 (RPC over HTTPS I think). Allowing raw RDP to come in through the firewall is not something I would feel real good about.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/