|
Posted by Philip on October 29, 2007, 5:16 pm
Please log in for more thread options
Hi, my name is Philip and iam a domain admin.
In my work there’s an hostile environment, and i truly believe that some
tools are being using, such as sniffers (linux) and keyloggers.
Is remote desktop, secure enough against these tools, while managing the AD?
If i transfer text from my workstation to the server, is this also encrypt
by the rdp?
Can I use administrative tools, in my desktop, without compromise the
information?
Tks in advance
Philip
|
|
Posted by ILKER SOGUT on October 29, 2007, 6:06 pm
Please log in for more thread options
Hi
Did you used Terminal Services Client 6.0
It has new features with security.
Please look at this article from MS
http://support.microsoft.com/kb/925876/en-us
I hope it will usefull for you
ILKER SOGUT
> Hi, my name is Philip and iam a domain admin.
> In my work there’s an hostile environment, and i truly believe that some
> tools are being using, such as sniffers (linux) and keyloggers.
> Is remote desktop, secure enough against these tools, while managing the
> AD?
> If i transfer text from my workstation to the server, is this also encrypt
> by the rdp?
> Can I use administrative tools, in my desktop, without compromise the
> information?
>
> Tks in advance
>
> Philip
>
>
>
>
>
|
|
Posted by Anthony on October 29, 2007, 6:19 pm
Please log in for more thread options Hi Philip,
RDP is encrypted, but that's no defence against keyloggers and anything that
might have compromised any admin accounts.
You can set all computers to require a digitally signed connection.
In your position I would:
- make long, complex and frequently changed password for built-in
Administrator and service accounts
- use smarcard for any accounts with admin privileges
Anthony, http://www.airdesk.co.uk
> Hi, my name is Philip and iam a domain admin.
> In my work there's an hostile environment, and i truly believe that some
> tools are being using, such as sniffers (linux) and keyloggers.
> Is remote desktop, secure enough against these tools, while managing the
> AD?
> If i transfer text from my workstation to the server, is this also encrypt
> by the rdp?
> Can I use administrative tools, in my desktop, without compromise the
> information?
>
> Tks in advance
>
> Philip
>
>
>
>
>
|
|
Posted by Steven L Umbach on October 29, 2007, 9:19 pm
Please log in for more thread options RDP is a secure way to manage the domain and by default all RDP traffic is
encrypted and allows you to leave the domain controller/servers locked up.
BUT I would suggest that you only do such from a known secure admin computer
meaning a computer you are sure no unauthorized users have had access to in
order to install keyloggers, scripts, etc. Also it is best practice to have
a domain account for yourself that is not in the domain admins group that
you can use for tasks that do not require such powers and most AD tasks can
be delegated to a regular user account including managing domain user
accounts that are not in priviliged groups. Also make sure that no one with
domain administrator powers ever logs onto a domain workstation for routine
maintenance of such workstation or even member server. Create a domain user
account that is in the local administrators group of the domain workstations
[you can use Group Policy Restricted Groups to automate that] and use that
account/accounts to manage domain workstations.
Steve
> Hi, my name is Philip and iam a domain admin.
> In my work there's an hostile environment, and i truly believe that some
> tools are being using, such as sniffers (linux) and keyloggers.
> Is remote desktop, secure enough against these tools, while managing the
> AD?
> If i transfer text from my workstation to the server, is this also encrypt
> by the rdp?
> Can I use administrative tools, in my desktop, without compromise the
> information?
>
> Tks in advance
>
> Philip
>
>
>
>
>
|
|
Posted by Martin X. on October 30, 2007, 11:22 am
Please log in for more thread options Hi Philip:
I did some research on this awhile back and made the notes below. Also, I
did find an article about how someone was able to crack an RDP session, but
I can't find the article. But I recall that it was in a lab environment and
was under very specific circumstances. Anyway, here are my notes and some
links. In summary I would say that using the latest version of RDP with the
high encryption setting is safe as far as packet sniffing is concerned. But
as others have mentioned, if you have a key logger on your PC, no network
encryption can help with that.
Even though Terminal Services does by default encrypt the logon session and
data stream, it does not offer server authentication. So theoretically, a
rogue server could masquerade as another server and have users logon to it
and thereby steal the users' logon credentials. Windows Server 2003 Service
Pack 1 (and by default Service Pack 2 since it includes everything in
Service Pack 1) included a new feature that allows Terminal Services
connections to use Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
1.0 for server authentication and also stronger encryption of the logon
session and data stream. This is the same technology that encrypts most
secure Web sites such as those for banking and e-commerce.
To enable SSL/TLS for Terminal Services, a special server security
certificate is required. This certificate can be purchased from any one of
the major security certificate vendors or it can be created by using the
SelfSSL version 1.0 utility from the Microsoft Internet Information Services
(IIS) 6.0 Resource Kit Tools.
In order for client computers to connect to the Terminal Server with SSL
enabled, they need to be running a version of Windows 2000 or Windows XP.
The Remote Desktop Protocol client must be version 5.2 or newer.
http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
http://msdn2.microsoft.com/en-us/library/aa383015.aspx
http://technet2.microsoft.com/WindowsServer/en/library/a92d8eb9-f53d-4e86-ac9b-29fd6146977b1033.mspx?mfr=true
http://www.microsoft.com/technet/security/Bulletin/MS02-051.mspx
--
Regards,
Martin X.
MCSA: M
Hi, my name is Philip and iam a domain admin.
In my work there's an hostile environment, and i truly believe that some
tools are being using, such as sniffers (linux) and keyloggers.
Is remote desktop, secure enough against these tools, while managing the AD?
If i transfer text from my workstation to the server, is this also encrypt
by the rdp?
Can I use administrative tools, in my desktop, without compromise the
information?
Tks in advance
Philip
|
| Similar Threads | Posted | | Remote Desktop Protocol Server Private Key Disclosure Vulnerability | March 30, 2008, 9:34 am |
| Remote desktop | February 21, 2006, 3:25 pm |
| SSL and Remote Desktop | February 27, 2008, 7:53 pm |
| Can connect via Remote Desktop | September 26, 2005, 12:36 pm |
| remote desktop security | February 18, 2006, 5:38 pm |
| Windows Remote Desktop | April 16, 2006, 7:17 am |
| Secure Remote Desktop | August 10, 2006, 11:00 pm |
| RDP: remote desktop issues | September 23, 2007, 3:13 pm |
| How secure is remote desktop | June 16, 2008, 8:46 pm |
| Remote Desktop MITM Concerns | June 10, 2005, 8:45 am |
|
XML Sitemap