On Tue, Feb 28, 2012 at 8:59 PM, Richard Stovall <[email protected]> wrote:
>>> One other thing that I've been mulling over along with the other
>>> credentials is a set of VMs on which to run them. Want to manage
>>> AD/DNS/WINS/CA? RDP into this Win7 VM with the correct tools on it.
>
> If the machine you're using to launch the RDP sessions is compromised,
> what's the point? If you trust that machine, why not just run the tools
> directly from it?

That's one of the things I'm mulling. I think ultimately it depends on what threat(s) we're defending against. If the concern is related to malware (esp. trojan horses, etc. acquired during web browsing or other day-to-day) this may help limit propagation. Malware that captures keystrokes and also provides some way to invoke RDP for the attacker could still hijack the operator's privileges, but that's a much harder problem for the attacker. This would also funnel attacks into a relatively small channel (RDP) which could be more closely policed by the good guys.

-- Ben
