Thursday, June 08, 2006
« Keyboards are my fetish | Main | Relative cynicism and the world cup »
Defense in Depth - practical example
Been a while since the last security post, so while its a blogging day...

I was catching up on PaulDotCom security weekly podcast and during a discussion about insecure protocols like Telnet "behind the firewall" I learned that the RDP ("Terminal Services") is vulnerable to Man in the Middle (MITM) attacks.  In fact they put RDP into the same group as Telnet!

I remember when I started allowing RDP into my home network I did some research into if the encryption used by RDP is secure -which it is- but this vulnerability highlights that it is not enough and that it is exploitable by means of ARP Posion Routing to intercept your RDP session, including what you type at the login prompt.

So RDP is a bit of a fact of life for me at the moment, applying some defense in depth is in order.  Some layers we could add:
  1. Tunnel the RDP connection over SSH.  I really like this one because it adds a layer of authentication to the session, not just encryption.   This addresses the root cause of the problem:  So long as the encryption remains in place, RDP does not care how the traffic gets there.
  2. Tunnel the RDP connection over SSH.  Yeah, but this time it is to allow us to close port 3389, there by not advertising the availability of RDP on the host.
  3. IP FIltering & IPSec policy.  In my case I already have this in place for my off-site connections to only allow connections from know-good IP addresses.  This is equally valid for behind the firewall sessions.
  4. Certificates.  I'm a big fan of certificates as a factor to authentication.  I'll blog one day about using them to encrypt SQL Server's on-wire protocol.  Technet has a how-to that shows you how to set this up with Windows 2003 Server SP1 & Windows XP.

Geeking Out! | Secutity
Thursday, June 08, 2006 11:37:50 PM (AUS Eastern Standard Time, UTC+10:00)  #    Disclaimer  |  Comments [0]  |  Related posts:
Visual Studio 2008 Professional vs. Standard edition. Just what are the differences? Is it Features?
The var keyword (C# 3.0) - Nothing at all like VB6 Variant - It's not even a Type!
Bringing Grep back using PowerShell
iTunes messages not getting any better despite constant updates!
First DR scare at the new office
Sign your way to better quality with a x509 Certificate
 Tracked by:
"yellow.thecampaign.net/photos.php" (yellow.thecampaign.net/photos.php) [Trackback]
"paid to take surveys" (paid to take surveys) [Trackback]
"i was a spy (for about 6 years)" (i was a spy (for about 6 years)) [Trackback]
"yellow is a rock band based out of sydney, nova scotia. formed in" (yellow is a... [Trackback]
"yellow." (yellow.) [Trackback]
"movin' on up..." (movin' on up...) [Trackback]
"Do Me In The Button Order Form" (Do Me In The Button Order Form) [Trackback]
"Tom Fun & the Holy Microphone Machine" (Tom Fun & the Holy Microphone M... [Trackback]
"the campaign records (photos)" (the campaign records (photos)) [Trackback]
"one day late" (one day late) [Trackback]
"news" (news) [Trackback]
"the following two tracks are from our first album, "the heat'll be" (t... [Trackback]
"do me in the button [1" button design and production]" (do me in the butto... [Trackback]
"bands: i was a spy one day late great plains the ditchpigs" (bands: i was a spy... [Trackback]
"shoes and boots search" (shoes and boots search) [Trackback]
"yellow can be contacted by paper mail at the following address" (yellow can be ... [Trackback]
"boston table tennis online" (boston table tennis online) [Trackback]
"Rent Apartments" (Rent Apartments) [Trackback]
"the campaign records messageboard!" (the campaign records messageboard!) [Trackback]
"i was a spy (for about 6 years)" (i was a spy (for about 6 years)) [Trackback]
"content" (content) [Trackback]
"the campaign records" (the campaign records) [Trackback]
"get work from home" (get work from home) [Trackback]
"i was a spy - progressive punk rock / coffee-core" (i was a spy - progressive p... [Trackback]
"news" (news) [Trackback]
"romantic love poems" (romantic love poems) [Trackback]
"walking aids" (walking aids) [Trackback]
"tantra massage amsterdam" (tantra massage amsterdam) [Trackback]
"egyptian hooka" (egyptian hooka) [Trackback]
"Biography John T Scopes" (Biography John T Scopes) [Trackback]
"indiana dui" (indiana dui) [Trackback]
"danielle martin greenbrier ar" (danielle martin greenbrier ar) [Trackback]
"Phone Directory" (Phone Directory) [Trackback]
"my wife and kids" (my wife and kids) [Trackback]
"scarpa camper" (scarpa camper) [Trackback]
"Reviews of Wide Belt Sanders" (Reviews of Wide Belt Sanders) [Trackback]
"child safety gate" (child safety gate) [Trackback]
"elle driver" (elle driver) [Trackback]
"college dorm room gifts" (college dorm room gifts) [Trackback]
"statue of liberty lesson plans" (statue of liberty lesson plans) [Trackback]
"alice mail" (alice mail) [Trackback]
"used cars denver" (used cars denver) [Trackback]
"dell 1700 toner" (dell 1700 toner) [Trackback]
"X Files Wallpaper" (X Files Wallpaper) [Trackback]
"rising force" (rising force) [Trackback]
"riding dirty chamillianaire" (riding dirty chamillianaire) [Trackback]
"blue prints" (blue prints) [Trackback]
"block ip address" (block ip address) [Trackback]
"cma cpe" (cma cpe) [Trackback]
"greene county area vocational technical school" (greene county area vocational ... [Trackback]
"metal halide light" (metal halide light) [Trackback]
"remodeling ideas for a ranch home" (remodeling ideas for a ranch home) [Trackback]
"hitch hikers guide to the galaxy" (hitch hikers guide to the galaxy) [Trackback]
"california vehicle code" (california vehicle code) [Trackback]
"networking techniques" (networking techniques) [Trackback]
"singer sewing machines ebay" (singer sewing machines ebay) [Trackback]
"cadillac wheels" (cadillac wheels) [Trackback]
"uLTRACET" (uLTRACET) [Trackback]
"lucas county real estate" (lucas county real estate) [Trackback]
"Factitious Disorder" (Factitious Disorder) [Trackback]
"washington nc" (washington nc) [Trackback]
"bondage harness" (bondage harness) [Trackback]
"converse high top sneakers chuck taylor" (converse high top sneakers chuck tayl... [Trackback]
"messages in water" (messages in water) [Trackback]
"sapphire princess" (sapphire princess) [Trackback]
"web msn" (web msn) [Trackback]
"trazodone death" (trazodone death) [Trackback]
"Kawasaki Street Bikes" (Kawasaki Street Bikes) [Trackback]
"pork tenderloin recipes" (pork tenderloin recipes) [Trackback]
"USAIR crash march 1992" (USAIR crash march 1992) [Trackback]
"lethargic and dilantin" (lethargic and dilantin) [Trackback]
"spiate" (spiate) [Trackback]
"snoring laser surgery cost" (snoring laser surgery cost) [Trackback]
"flexeril and Skilaxin" (flexeril and Skilaxin) [Trackback]
"walk in refrigerator" (walk in refrigerator) [Trackback]
"jessica simpson - take my breath away" (jessica simpson - take my breath away) [Trackback]
"Public Television" (Public Television) [Trackback]
"anchorage marathon" (anchorage marathon) [Trackback]
"telephone answering service" (telephone answering service) [Trackback]
"allieviinquattro" (allieviinquattro) [Trackback]
"napolibedbreakfast" (napolibedbreakfast) [Trackback]
"cazzoinfiga" (cazzoinfiga) [Trackback]
"dvdwaltdisney" (dvdwaltdisney) [Trackback]
"grand casino kinder%2Cla" (grand casino kinder%2Cla) [Trackback]
"Prom Hair styles" (Prom Hair styles) [Trackback]
"msds" (msds) [Trackback]
"smoking effects" (smoking effects) [Trackback]
"lovableingleseurinate" (lovableingleseurinate) [Trackback]
"attractivesegretariamerda" (attractivesegretariamerda) [Trackback]
"jack black soundboards" (jack black soundboards) [Trackback]
"blow drying hair products" (blow drying hair products) [Trackback]
"ohio slot car racing sets" (ohio slot car racing sets) [Trackback]
"American money spending by gender" (American money spending by gender) [Trackback]
"server can%27t see client" (server can%27t see client) [Trackback]
"batman movie" (batman movie) [Trackback]
"smoking causes" (smoking causes) [Trackback]
"Math Bingo Cards" (Math Bingo Cards) [Trackback]
"annuncicampania" (annuncicampania) [Trackback]
"winning at roulette" (winning at roulette) [Trackback]
"Facts about Smoking" (Facts about Smoking) [Trackback]
"cefalu2005" (cefalu2005) [Trackback]
"create bingo game" (create bingo game) [Trackback]
"templer knights dagger" (templer knights dagger) [Trackback]
"gottlieb daimler inventor" (gottlieb daimler inventor) [Trackback]
"dagmar vanderkloot" (dagmar vanderkloot) [Trackback]
"muscle 26 fitness june 2002 dwayne johnson" (muscle 26 fitness june 2002 dwayne... [Trackback]
"hummingbird feeder ant guards" (hummingbird feeder ant guards) [Trackback]
"laura deer dailey obituary" (laura deer dailey obituary) [Trackback]
"dopey and grumpy dwarf halloween costume pattern" (dopey and grumpy dwarf hallo... [Trackback]
"samsung sir t351 hdtv tuner set top box w2f dvi" (samsung sir t351 hdtv tuner s... [Trackback]
"daihatsu f300s" (daihatsu f300s) [Trackback]
"dva power converter" (dva power converter) [Trackback]
"joan van patton nippon" (joan van patton nippon) [Trackback]
"pictures of cats n daises" (pictures of cats n daises) [Trackback]
"specialiste automatique en assurance dais" (specialiste automatique en assuranc... [Trackback]
"acupressure body points atlas" (acupressure body points atlas) [Trackback]
"dockers daffodil mules" (dockers daffodil mules) [Trackback]
"jan hammer crokett theme" (jan hammer crokett theme) [Trackback]
"dagger tiki kayak" (dagger tiki kayak) [Trackback]
"jan van der roost mp3" (jan van der roost mp3) [Trackback]
"galco leather barrel guard" (galco leather barrel guard) [Trackback]
"psat test taking hints" (psat test taking hints) [Trackback]
"daihatsu rocky 4x4 accesoriesrooftops" (daihatsu rocky 4x4 accesoriesrooftops) [Trackback]
"daisy clipart" (daisy clipart) [Trackback]
"tie dye t shirts" (tie dye t shirts) [Trackback]
"brick dts dvd9" (brick dts dvd9) [Trackback]
"dwl cookbooks" (dwl cookbooks) [Trackback]
"psa adhesive sanding discs" (psa adhesive sanding discs) [Trackback]
"jan sokoloff harness" (jan sokoloff harness) [Trackback]
"dwayne ganier" (dwayne ganier) [Trackback]
"neanderthal or cro-magnon dwelling" (neanderthal or cro-magnon dwelling) [Trackback]
"atlas roof shingles" (atlas roof shingles) [Trackback]
"ludington daily news" (ludington daily news) [Trackback]
"dvdrw r rewritable extdrv usb cables sw media" (dvdrw r rewritable extdrv usb c... [Trackback]
"dick dyer toyota" (dick dyer toyota) [Trackback]
"motorcycle daily" (motorcycle daily) [Trackback]
"tie dye supplies" (tie dye supplies) [Trackback]
"daisy e. erb" (daisy e. erb) [Trackback]
"mini dvd-rw acro" (mini dvd-rw acro) [Trackback]
"sony 63min mini dv" (sony 63min mini dv) [Trackback]
"aldhr.com" (aldhr.com) [Trackback]
"chhabrafoods.com" (chhabrafoods.com) [Trackback]
"poexia.com" (poexia.com) [Trackback]
"chhabraexports.com" (chhabraexports.com) [Trackback]
"click2usa.com" (click2usa.com) [Trackback]
"avantidesigngroup.com" (avantidesigngroup.com) [Trackback]
"coffeebeenery.com" (coffeebeenery.com) [Trackback]
"asiacompressor.com" (asiacompressor.com) [Trackback]
"twincircles.com" (twincircles.com) [Trackback]
"chhabrafamilyfoundation.net" (chhabrafamilyfoundation.net) [Trackback]
"buy-web-site-traffic.com" (buy-web-site-traffic.com) [Trackback]
"btobmatrix.com" (btobmatrix.com) [Trackback]
"tabak-meier.com" (tabak-meier.com) [Trackback]
"chhabraprinting.com" (chhabraprinting.com) [Trackback]
"clubtuxedo.com" (clubtuxedo.com) [Trackback]
"sukkary.com" (sukkary.com) [Trackback]
"mpbeats.com" (mpbeats.com) [Trackback]
"syncreticorder.com" (syncreticorder.com) [Trackback]
"countyyardsales.com" (countyyardsales.com) [Trackback]
"commercialbankquotes.com" (commercialbankquotes.com) [Trackback]
"click2usa.com" (click2usa.com) [Trackback]
"chhabraexports.com" (chhabraexports.com) [Trackback]
"putitinwriting.net" (putitinwriting.net) [Trackback]
"brze.com" (brze.com) [Trackback]
"chhabramedicalgroup.com" (chhabramedicalgroup.com) [Trackback]
"divingpixels.com" (divingpixels.com) [Trackback]
"brooksgeninvest.com" (brooksgeninvest.com) [Trackback]
"click4stars.com" (click4stars.com) [Trackback]
"mattressnews.com" (mattressnews.com) [Trackback]
"optincash.com" (optincash.com) [Trackback]
"comeworldwide.net" (comeworldwide.net) [Trackback]
"cosmeticsurgory.com" (cosmeticsurgory.com) [Trackback]
"aldhr.com" (aldhr.com) [Trackback]
"chhabraelectronics.com" (chhabraelectronics.com) [Trackback]
"elite-stfu.com" (elite-stfu.com) [Trackback]
"leomoctezuma.com" (leomoctezuma.com) [Trackback]
"namicmarketing.com" (namicmarketing.com) [Trackback]
"auctionsection.com" (auctionsection.com) [Trackback]
"ladyboy6.com" (ladyboy6.com) [Trackback]
"leomoctezuma.com" (leomoctezuma.com) [Trackback]
"whartongcc.com" (whartongcc.com) [Trackback]
"namicmarketing.com" (namicmarketing.com) [Trackback]
"auctionsection.com" (auctionsection.com) [Trackback]
"fetishe6.com" (fetishe6.com) [Trackback]
"ladyboy6.com" (ladyboy6.com) [Trackback]
"hornypics.net" (hornypics.net) [Trackback]
"fetishe6.com" (fetishe6.com) [Trackback]
"caramigo.com" (caramigo.com) [Trackback]
"gregpayneoffenses.com" (gregpayneoffenses.com) [Trackback]
"whartongcc.com" (whartongcc.com) [Trackback]
"namicmarketing.com" (namicmarketing.com) [Trackback]
"avalon-knights.com" (avalon-knights.com) [Trackback]
"namicmarketing.com" (namicmarketing.com) [Trackback]
"our-specialties.com" (our-specialties.com) [Trackback]
"internet-marketingpro.com" (internet-marketingpro.com) [Trackback]
"namicmarketing.com" (namicmarketing.com) [Trackback]
"gregpayneoffenses.com" (gregpayneoffenses.com) [Trackback]
"caramigo.com" (caramigo.com) [Trackback]
"leomoctezuma.com" (leomoctezuma.com) [Trackback]
"internet-marketingpro.com" (internet-marketingpro.com) [Trackback]
"writewithapro.com" (writewithapro.com) [Trackback]
"ladyboy6.com" (ladyboy6.com) [Trackback]
"leomoctezuma.com" (leomoctezuma.com) [Trackback]
"avalon-knights.com" (avalon-knights.com) [Trackback]
"internet-marketingpro.com" (internet-marketingpro.com) [Trackback]
"thebirthpath" (thebirthpath) [Trackback]
"noaformacion" (noaformacion) [Trackback]
"figueroaesquire" (figueroaesquire) [Trackback]
"antiaging-strips" (antiaging-strips) [Trackback]
"covegallerylaguna" (covegallerylaguna) [Trackback]
"hardcorefields" (hardcorefields) [Trackback]
"incomerelated" (incomerelated) [Trackback]
"kaitlynslair" (kaitlynslair) [Trackback]
"luxurycarsforyou" (luxurycarsforyou) [Trackback]
"hipaa-parser" (hipaa-parser) [Trackback]
"congabroadband" (congabroadband) [Trackback]
"boombotz" (boombotz) [Trackback]
"childhoodobesityforum" (childhoodobesityforum) [Trackback]
"notarylisting" (notarylisting) [Trackback]
"360premierproperties" (360premierproperties) [Trackback]
"ramdesignsbyja" (ramdesignsbyja) [Trackback]
"noacomputers" (noacomputers) [Trackback]
"jdkathuria" (jdkathuria) [Trackback]
"barcelonacreatividad" (barcelonacreatividad) [Trackback]
"phoenix-inv-club" (phoenix-inv-club) [Trackback]
"wikimickey" (wikimickey) [Trackback]
"bidphone" (bidphone) [Trackback]
"etaxmart" (etaxmart) [Trackback]
"casinopapaya" (casinopapaya) [Trackback]
"successtakestime" (successtakestime) [Trackback]
"icdem" (icdem) [Trackback]
"nor-3iny" (nor-3iny) [Trackback]
"bambucabarete" (bambucabarete) [Trackback]
"frederickcrops" (frederickcrops) [Trackback]
"execerrands" (execerrands) [Trackback]
"danisgarcia" (danisgarcia) [Trackback]
"prevailband" (prevailband) [Trackback]
"noaformacion" (noaformacion) [Trackback]
"99kr" (99kr) [Trackback]
"imagineitministries.com" (imagineitministries.com) [Trackback]
"translucentpictures.com" (translucentpictures.com) [Trackback]
"thepchelp.com" (thepchelp.com) [Trackback]
"xchangesystems.net" (xchangesystems.net) [Trackback]
"esuite7.com" (esuite7.com) [Trackback]
"brainwavesllc.com" (brainwavesllc.com) [Trackback]
"gilesclan.com" (gilesclan.com) [Trackback]
"dults.com" (dults.com) [Trackback]
"myegins.com" (myegins.com) [Trackback]
"medicall.com" (medicall.com) [Trackback]
"gemiage.com" (gemiage.com) [Trackback]
"purefortune.com" (purefortune.com) [Trackback]
"surfireincome.com" (surfireincome.com) [Trackback]
"theomsphere.com" (theomsphere.com) [Trackback]
"cookcountybar.com" (cookcountybar.com) [Trackback]
"websitedesignportfolio.com" (websitedesignportfolio.com) [Trackback]
"proebizrotator.com" (proebizrotator.com) [Trackback]
"primact.com" (primact.com) [Trackback]
"hyperpuppy.com" (hyperpuppy.com) [Trackback]
"spardesigns.com" (spardesigns.com) [Trackback]
"dolls-sources.com" (dolls-sources.com) [Trackback]
"rcshepherds.com" (rcshepherds.com) [Trackback]
"daniellungren.com" (daniellungren.com) [Trackback]
"weemuffin.com" (weemuffin.com) [Trackback]
"proebiz.net" (proebiz.net) [Trackback]
"looloous.com" (looloous.com) [Trackback]
"ihealthywealthywise.com" (ihealthywealthywise.com) [Trackback]
"torahbums.com" (torahbums.com) [Trackback]
"newheavenproductions.com" (newheavenproductions.com) [Trackback]
"travel-resource.net" (travel-resource.net) [Trackback]
"royaljellyhouse.com" (royaljellyhouse.com) [Trackback]
"provenance-hosting.com" (provenance-hosting.com) [Trackback]
"swords-sources.com" (swords-sources.com) [Trackback]
"browno.com" (browno.com) [Trackback]
"experworld.com" (experworld.com) [Trackback]