Re: MS Terminal Services open to the world
From: Don Voss <voss(at)albany.edu>
Date: Fri Jan 10 2003 - 13:13:11 EST
I am not sure if this is the "creative" method you were thinking of, but facts, facts, and more facts would be my choice. You have a broad area to cover. Do you convince them that none of their material should face the internet? As in no firewall [my assumption of no firewall, if the TS-enabled servers are directly facing the net]. Thus the exposed TS material is just one of the risks they are allowing. Or do you show detailed recorded examples of TS exploitation?

Which leads me to: is there documentation of TS material being exploited, and how? I do not know about that, so I searched Google a bit, jumped to SecurityFocus, and searched their vulnerabilities database; under Microsoft it showed 2 TSAC ActiveX issues, which I am not qualified to comment on. Links below.

Microsoft TSAC ActiveX Control
http://online.securityfocus.com/bid/5952
http://online.securityfocus.com/bid/5554

At the link below, on a quick glance, there seems to be much info regarding terminal services functionality.
http://www.ntsecurity.net/Articles/Index.cfm?TopicID=800
and so on.

Of course, if you are skilled enough and can get the approval to try, exploit it yourself. Set up a provable test: get somewhere secure, modify an agreed-upon parameter/setting. How could they argue with that? [I do not know if or how it is possible. I am just offering logical "proof" options.]

You may find the terminal services [with version control, current patches, etc.] OK. Then the facts do not support your warnings, right? Even so, there seems to be enough evidence of other risks, almost to the point of common sense, not to have servers/services/clients exposed directly to the net. An inventory of what they have running facing the net and a list of exploits against those services/OSes/clients, with some cost liability numbers, should be sobering.

That said, it may not sway them. Here at the university, the only device, as far as I know, they have purchased is a Packeteer used to throttle back the dorms from file-sharing outbound congestion. Politics and money are a big part of these decisions. At least you can give them hard data to add to the mix.
regards,
On 10 Jan 2003 at 10:09, Ralph Los wrote:

Don Voss
voss@albany.edu
Sr. Programmer Analyst
Geography & Planning Department
The University at Albany, SUNY
Albany, NY, 12222-0100
Jazz music: an intensified feeling of nonchalance.

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Received on Sat Jan 11 19:34:55 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT
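The "inventory of what they have running facing the net" that the post recommends, as an added example that is not part of the original message or of any tool it names: a Python script that parses nmap grepable (-oG) output into a per-host list of open services and flags ports a practitioner would not want reachable from the internet, Terminal Services on 3389/tcp among them. The scan output embedded below is constructed, not a real scan, and the table of risky ports beyond 3389 is an assumption added for illustration, not something the post states.

```python
"""Build an inventory of internet-facing services from nmap -oG output.

Added example: feed it the grepable output of an external scan of the
address space in question (nmap -oG scan.gnmap ...) and it lists every
open port per host and flags the ones that should not face the net.
"""
import re
from collections import defaultdict

# Ports whose exposure to the internet is hard to justify. 3389 is the
# Terminal Services port the thread is about; the others are assumed
# additions for illustration, not anything the original post lists.
RISKY_PORTS = {
    3389: "Microsoft Terminal Services (RDP)",
    445: "SMB / CIFS",
    139: "NetBIOS session",
    1433: "MS SQL Server",
    23: "Telnet",
}


def parse_gnmap(text):
    """Parse nmap -oG output into (host, port, proto, state, service) tuples.

    Each grepable line is tab-separated "Key: value" fields; the Ports
    field holds comma-separated entries of the form
    port/state/proto/owner/service/rpc/version/.
    """
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comments and the trailing "# Nmap done" line
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(":")
            fields[key.strip()] = value.strip()
        host_match = re.match(r"(\S+)", fields.get("Host", ""))
        if not host_match or "Ports" not in fields:
            continue  # status-only lines carry no port data
        host = host_match.group(1)
        for entry in fields["Ports"].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue  # malformed entry; skip rather than guess
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            records.append((host, port, proto, state, service))
    return records


def exposed_services(records):
    """Return {host: [(port, proto, service), ...]} keeping open ports only."""
    inventory = defaultdict(list)
    for host, port, proto, state, service in records:
        if state == "open":
            inventory[host].append((port, proto, service))
    return dict(inventory)


def flag_risky(inventory):
    """Return [(host, port, description)] for open TCP ports in RISKY_PORTS."""
    hits = []
    for host, services in sorted(inventory.items()):
        for port, proto, _service in services:
            if proto == "tcp" and port in RISKY_PORTS:
                hits.append((host, port, RISKY_PORTS[port]))
    return hits


# Constructed sample scan output (not a real scan; addresses are RFC 5737
# documentation space). One host exposes Terminal Services, one filters it.
SAMPLE_GNMAP = """\
# Nmap 3.00 scan initiated (constructed sample, not real scan output)
Host: 192.0.2.10 (ts1.example.edu)\tStatus: Up
Host: 192.0.2.10 (ts1.example.edu)\tPorts: 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)
Host: 192.0.2.11 (www.example.edu)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
Host: 192.0.2.12 (files.example.edu)\tPorts: 445/open/tcp//microsoft-ds///, 139/open/tcp//netbios-ssn///
# Nmap done
"""


if __name__ == "__main__":
    inventory = exposed_services(parse_gnmap(SAMPLE_GNMAP))
    for host, services in sorted(inventory.items()):
        print(host, ", ".join(f"{p}/{pr} {s}" for p, pr, s in services))
    for host, port, desc in flag_risky(inventory):
        print(f"RISK: {host} exposes {port}/tcp ({desc})")
```

Run against a real external scan, the flagged list is the factual half of the argument the post describes: each entry pairs a host with a service that is reachable from the internet, to which the relevant advisories (for 3389, the TSAC items linked above, plus whatever is current for the patch level in use) can then be attached. Filtered ports are deliberately not counted as exposed, so a host behind a firewall that drops 3389 does not appear in the risk list.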