RE: Secure / Encrypt Terminal Services

it has built-in encryption configurable up to 128bit both ways. only issue i've encountered is at the 128bit or "high" encryption level is then my pocket pc clients cannot connect - they only support 40bit or "medium" encryption.

check the "terminal services configuration" snap-in when you put "mmc" in a "run:" dialog from the "start" menu.

i suppose you could use ipsec policies from active-directory and get l2tp going, or you could also go grab openssh for windows at http://www.networksimplicity.com/openssh/, or even Zebedee available here: http://www.winton.org.uk/zebedee/.

-d

-----Original Message-----

From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com] Sent: Thursday, November 21, 2002 6:22 AM To: focus-ms@securityfocus.com
Subject: Secure / Encrypt Terminal Services

-----BEGIN PGP SIGNED MESSAGE-----
Does the community have an opinion on which is the best way to do this? Can it be done via IP-Sec? Basically we have a machine (tripwire manager) that will have access to all our networks. Due to politics (gotta love security made insecure by politics) it must be remotely managed. The CIO (god bless CIO's) has decided that we will use terminal services. Is there a way to encrypt the traffic so it is not flying around the network in clear text? Would IP-Sec be the recomended solution?

Suggestions or links (or gentle shoves) to the information would be great.

Thanks

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9 AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg= =2bx1
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com Received on Tue Nov 26 11:51:35 2002