8

Microsoft, Rackspace and other hosted providers allow people to RDP into that server.

Here are a few examples: Microsoft has something called "Azure Connect"; it is very easy to expose a domain-connected terminal server to the Internet by simply pressing F5 to compile in Visual Studio (albeit with certain prerequisites taken care of).

Also, IaaS hosting companies (Rackspace, AWS) expose RDP for each VM they provision.

Generally speaking about RDP:

  • Is the computer or NETBIOS computer name exposed through any RDP channel in 2008R2?

  • Does the information exposed change if NLA is enabled/disabled?

  • What threat mitigation actions should be done?

makerofthings7

2 Answers

2

Microsoft Azure uses a Remote Desktop Gateway kind of situation, so when you initiate a connection to your Azure Server your connection is via HTTPS until you hit the Microsoft Server farm. Once you are in the network your connection is "proxied" via the Azure gateway server; this ensures that the only people who would be able to see any sensitive information are Microsoft themselves.

Also, you won't be affected by the RDP vulnerability. As I explained, you connect to the RD Gateway using HTTPS, which offers message integrity; you are only using RDP from the gateway to your server. Everything over the internet is encrypted with HTTPS, which means that if someone were to try to intercept and alter your data while it's in transit over HTTPS, the Message Digest would fail and you wouldn't be able to connect to the server.

Taylor Gibb
  • That threat mitigation is good to know about; are there similar proxy servers I could use to reduce the risk? Is the hostname or domain name exposed over HTTPS prior to fully logging in? – makerofthings7 Mar 14 '12 at 12:10
  • The HTTPS session is initiated before any data is sent, so no. Also, it isn't a proxy in the sense that you are thinking; it's just a security measure. If you are running your own server farms you can install the Remote Desktop Gateway Server role on Server 2008 R2 and the Terminal Services Gateway on Server 2008. – Taylor Gibb Mar 14 '12 at 12:28
2

I do not believe this is a very good thing. There are simple programs on the net which can attack and exploit vulnerabilities in RDP.

I suggest they look into secure VPN instead of directly opening their domain up onto the net.

If you want the serious truth:

Using TSgrinder, an attacker could try a brute-force attack using customized lists of username/passwords. Though this method takes a considerable amount of time depending on password complexity, it still is a potential threat to the network security infrastructure.

VPN on the other hand is encrypted, and secure, and takes an attacker a lot more effort to attempt to break it. It keeps ALL data transfer safe, and provides ease, and simplicity to both the back-end management, and end-user.

Hope it helps ;-)

Kreator
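A defender-side illustration of the brute-force risk raised in the answers, added here and not part of either answer: it flags source addresses that generate bursts of failed logons (Windows Security event ID 4625) against an exposed RDP host. The tuple layout, threshold, time window, addresses and account names are constructed assumptions; a real deployment would read these fields from the Security event log.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Logon type 10 = RemoteInteractive (RDP without NLA). With NLA enabled, failed
# RDP authentication is logged as type 3 (Network), so both must be counted.
# Type 3 also covers other network logons, so correlate hits with TCP 3389 traffic.
RDP_LOGON_TYPES = {3, 10}
FAILED_LOGON = 4625


def _burst(ip, logon_type, users, start="2012-03-14T12:00:00"):
    """Build constructed failure records, one every 5 seconds (sample data only)."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=5 * i)).isoformat(), FAILED_LOGON, logon_type, ip, u)
            for i, u in enumerate(users)]


# Constructed sample records: (timestamp, event id, logon type, source IP, account).
SAMPLE_EVENTS = (
    _burst("203.0.113.7", 10, ["administrator", "admin", "backup", "sql", "test", "guest"])
    + _burst("198.51.100.23", 3, ["administrator"] * 5)          # NLA-enabled host
    + [("2012-03-14T09:00:00", 4625, 10, "192.0.2.10", "jsmith"),  # mistyped password
       ("2012-03-14T09:20:00", 4625, 10, "192.0.2.10", "jsmith"),
       ("2012-03-14T09:21:00", 4624, 10, "192.0.2.10", "jsmith")]  # successful logon
)


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted accounts tried} for IPs with at least
    `threshold` failed RDP-related logons inside any sliding `window`."""
    failures = defaultdict(list)
    for ts, event_id, logon_type, ip, user in events:
        if event_id == FAILED_LOGON and logon_type in RDP_LOGON_TYPES:
            failures[ip].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for ip, hits in failures.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged


if __name__ == "__main__":
    for ip, accounts in find_bruteforce(SAMPLE_EVENTS).items():
        print(ip, accounts)
```

Flagged addresses are candidates for firewall blocking, and the accounts they target show where lockout policy and password strength matter most.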