[plug] [OT] XP Remote
Alex Nordstrom
alexander.nordstromNO_SPAM_OR_OFFLIST_COPIES at tpg.com.au
Tue Aug 24 12:20:31 WST 2004
On Tuesday, 24 Aug 2004 11:18, skribe wrote:
> I don't actually know. I guess I was asking is using windows remote
> services inherently insecure like just about everything else that M$
> puts out. Is it as secure as SSH, for instance? I know I personally
> don't allow SSH remote logins from outside my network especially to
> the root account, but the tech seems to think the windows equivalent
> is just hunky dory. Hence my concern.
Well, the track record is not looking good.[1][2][3][4]
I also read a ZD Net editorial defending RDS after criticism of a bug
that lets the connecting user spoof his IP address, saying it "doesn't
really constitute a breach of ... security" since you still needed
correct credentials.[5] Personally, I'd say it precludes limiting
access to "trusted" IP addresses and would make brute force attacks
harder to trace.
I've done similar things with the OS agnostic solution of running VNC
through an SSH tunnel. Connections can be established from either side
since VNC also has a listening client capability, so if you can
initiate the connection from the inside, you don't even have to have
open ports on the network of the system being serviced.
[1] http://www.microsoft.com/technet/security/bulletin/MS00-077.mspx
[2] http://seclists.org/lists/bugtraq/2002/Sep/0153.html
[3] http://www.securitytracker.com/alerts/2004/Aug/1010836.html
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0863
[5]
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2830240,00.html
--
Alex Nordstrom
http://lx.n3.net/
Please do not CC me in followups
More information about the plug
mailing list