
1. TechNet Security Summit 2004: Terminal Server Security (Marcus Murray)

2. Contents
– Windows Server 2003 Terminal Services
– The security challenge
– Known threats against Terminal Server
– Locking down a terminal server
– Network architecture for securing access to TS

3. Windows Server 2003 Terminal Services

4. Benefits of Terminal Server
– Rapid, centralized deployment of applications: Terminal Server is great for rapidly deploying Windows-based applications to computing devices across an enterprise, especially applications that are frequently updated, infrequently used, or hard to manage. When an application is managed on the Terminal Server rather than on each device, administrators can be certain that users are running the latest version of the application.
– Low-bandwidth access to data: Terminal Server considerably reduces the network bandwidth required to access data remotely. Running an application through Terminal Server over bandwidth-constrained connections, such as dial-up or shared WAN links, is very effective for remotely accessing and manipulating large amounts of data, because only a screen view of the data is transmitted rather than the data itself.
– Windows anywhere: Terminal Server helps users become more productive by enabling access to current applications on any device, including under-powered hardware and desktop computers not running Microsoft Windows. Because Terminal Server lets you use Windows anywhere, you can take advantage of newer, lighter-weight devices such as the Pocket PC.

5. Client-Side Features
– Remote Desktop Protocol (RDP) v5.2
– Full client included with Windows XP
– Full (.MSI), MMC and Web (ActiveX) downloads
– No separate Connection Manager
– Automatic reconnects
– Client resource redirection features
– Slow-link performance optimizations

6. Client-Side Features (continued)
– Remote Desktop Web Connection
– Remote Desktops Administration Tool

7. Client-Side Features (continued)
– Specify computer, user name, password and domain
– Save settings

8. Client-Side Features (continued)
– From 256 colors up to True Color (24-bit)
– Resolution up to 1600 x 1200
– Full-screen capabilities

9. Client-Side Features (continued)
– Audio output
– Windows key combinations
– Disk drives and printers (local and network)
– Serial devices
– Smart cards
– Time zone
– Clipboard (including files)

10. Client-Side Features (continued)
– Launch an entire desktop or a specific application

11. Client-Side Features (continued): Network and Performance Improvements
– Increased network bandwidth savings over RDP 5.0
– Remote "experience" settings turn off wallpaper, visual styles, etc., depending on the network connection
– Auto-reconnect
– 128-bit bidirectional encryption
– Backward compatible with RDP 5.0 and RDP 4.0

12. Server-Side Features
Remote Desktop for Administration provides:
– Console redirection: you can now connect to the console session (mstsc /v:SERVERNAME /console, or mstsc.exe /console)
– Two remote connections plus one console connection
– Remote Assistance can be used to share a session between administrators
– While an administrator is connected to the console remotely, the physical console is locked and shows the remote user as the user who locked it
– Remote Desktops Administration Tool

13. Server-Side Features (continued)
– Remote Desktop for Administration is installed by default on all Windows Server 2003 platforms, but not enabled
– Enable it in System Properties, Remote tab
– Can also be enabled or disabled via Windows Management Instrumentation (WMI), the WMI command line (WMIC), or the RDToggle resource kit tool

14. Server-Side Features (continued)
– Terminal Server mode, formerly Terminal Server Application mode
– Terminal Server can be installed from Add/Remove Programs or Manage Your Server
– Can also be installed during unattended installation

15. Server-Side Features (continued): Security Features
– Remote Desktop Users group
– Security Policy Editor
– 128-bit encryption
– FIPS compliance
– Software Restriction Policies
– License Server Security Group
– Remote connection permissions
– Smart card support

16. The security challenge
– Users must be able to execute code directly on a server
– The server is often reachable from external networks (the Internet)

17. Terminal Server from a hacker's perspective
Find the TS
– If publicly published, it is searchable via the Internet
Break into the TS
– Password attack, e.g. TSGrinder
– Passwords can be extracted from .rdp files
Root
– Find a command prompt, access drives, escalate privileges (local exploits)

18. Searching for terminal servers on Google
– /Tsweb/default.htm
– Tsweb site:Se
– /Rdp
– "Remote Desktop Web Connection"
– "Send logon information for this connection"

19. Extracting passwords from RDP files with Cain
The password that mstsc saves in an .rdp file is protected with DPAPI under the saving user's account, so anyone who can run code as that user (or who holds that user's DPAPI master key) can recover it in clear text.
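To make the point on slides 17 and 19 concrete, here is an added example (my own code, not part of the presentation or of Cain) that parses a .rdp file, flags the settings an auditor cares about, and shows why a saved password is recoverable. mstsc writes the saved password as `password 51:b:<hex>`, where `<hex>` is the output of CryptProtectData (DPAPI, CurrentUser scope) over the UTF-16 password; the sample .rdp content, host name and account are constructed, and `ConvertTo-RdpPasswordBlob` is a hypothetical helper that emulates what mstsc does so the round trip runs offline on any Windows machine.

```powershell
# Added example: parse a .rdp file and recover a "password 51" blob with DPAPI.
# Protection is tied to the user account, not to a secret the user knows, so any
# code running as that user can call CryptUnprotectData and read the password.
Add-Type -AssemblyName System.Security

# .rdp files are "name:type:value" lines; type s = string, i = integer, b = binary (hex).
function Read-RdpSettings {
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim()] = @{ Type = $Matches[2]; Value = $Matches[3] }
        }
    }
    return $settings
}

# Hypothetical helper emulating mstsc's "Save my password": DPAPI over UTF-16 text, hex-encoded.
function ConvertTo-RdpPasswordBlob {
    param([string]$Password)
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($Password)
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect(
        $bytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    return ($blob | ForEach-Object { $_.ToString('X2') }) -join ''
}

# Recover the plaintext from a "password 51" hex blob. Only works in the security
# context of the user who saved it; that is exactly the weakness Cain exploits.
function Unprotect-RdpPassword {
    param([string]$HexBlob)
    $bytes = New-Object byte[] ($HexBlob.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($HexBlob.Substring(2 * $i, 2), 16)
    }
    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $bytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    return [System.Text.Encoding]::Unicode.GetString($plain)
}

# Report saved credentials and device redirection that gives the server reach into the client.
function Get-RdpFileRisks {
    param([hashtable]$Settings)
    $risks = @()
    if ($Settings.ContainsKey('password 51') -and $Settings['password 51'].Value.Length -gt 0) {
        $risks += 'saved password (DPAPI blob, recoverable by anyone running as this user)'
    }
    foreach ($key in 'redirectdrives', 'redirectclipboard', 'redirectcomports', 'redirectsmartcards') {
        if ($Settings.ContainsKey($key) -and $Settings[$key].Value -eq '1') {
            $risks += "$key enabled (a compromised server can reach this client resource)"
        }
    }
    return $risks
}

# Constructed sample .rdp content; host, account and password are made up.
$sampleRdp = @(
    'full address:s:ts01.corp.example',
    'username:s:CORP\alice',
    'domain:s:CORP',
    ('password 51:b:' + (ConvertTo-RdpPasswordBlob -Password 'Winter2004!')),
    'redirectdrives:i:1',
    'redirectclipboard:i:1',
    'redirectcomports:i:0'
)

$settings = Read-RdpSettings -Lines $sampleRdp
Get-RdpFileRisks -Settings $settings | ForEach-Object { Write-Output "RISK: $_" }
$recovered = Unprotect-RdpPassword -HexBlob $settings['password 51'].Value
Write-Output "Recovered password for $($settings['username'].Value): $recovered"
```

Run it as an ordinary user; the same `Unprotect-RdpPassword` call fails for another account on the same machine, which is the difference between "encrypted" and "protected by the logon session". The defensive counterpart is not to save passwords at all (set the server to always prompt for a password) and to turn off redirection the session does not need.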

20. Securing a Terminal Server Step by Step

21. Whitepapers
– Windows Server 2003 Terminal Server Security (published February 24, 2004)
– Locking Down Windows Server 2003 Terminal Server Sessions (published July 2003)

22. TS installation

23. During installation, choose the Full Security option (not Relaxed Security, which loosens registry and file system permissions for legacy applications and gives every user more than it should)

24. Use Group Policy to lock down your terminal servers and client computers
– Whitepaper: Locking Down Windows Server 2003 Terminal Server Sessions

25. Use the highest level of encryption your organization can support
– Low (56-bit; only client-to-server traffic is encrypted, server-to-client is not)
– Client Compatible (strongest key the client supports)
– High (128-bit)
– FIPS Compliant (TLS_RSA_WITH_3DES_EDE_CBC_SHA)

26. Use the Remote Desktop Users group to grant access to end users

27. Use Software Restriction Policies to protect against unauthorized software

28. Use secure configuration settings for your RDP connections (on the RDP-Tcp listener: disable drive, clipboard and port redirection the server does not need, and always prompt for a password so credentials saved in .rdp files are ignored)
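Slides 13, 25, 26 and 28 describe settings that all end up in the RDP-Tcp listener configuration and the local Remote Desktop Users group. The following is an added example (my own script, not from the presentation or the whitepapers) that audits a terminal server against those recommendations and can enforce them. It reads the registry values the Terminal Services Configuration tool writes (`fDenyTSConnections`, `MinEncryptionLevel` 1..4, the `fDisable*` redirection flags, `fPromptForPassword`); run it as an administrator on the server. The expected group membership (`CORP\TS-Users`) is a made-up placeholder.

```powershell
# Added example: audit and optionally enforce the RDP-Tcp listener hardening from the talk.
$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp   = Join-Path $tsKey 'WinStations\RDP-Tcp'
$encNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

# Desired state: 128-bit or better, no device redirection, never trust a saved password.
$desired = @{
    MinEncryptionLevel = 3   # 3 = High (128-bit); set 4 when FIPS mode is mandated
    fDisableCdm        = 1   # client drive mapping off
    fDisableClip       = 1   # clipboard redirection off
    fDisableCcm        = 1   # COM port redirection off
    fDisableLPT        = 1   # LPT port redirection off
    fPromptForPassword = 1   # always prompt; ignore passwords stored in .rdp files
}
$allowedRdpUsers = @('CORP\TS-Users')   # constructed example of the expected membership

function Get-TsSetting {
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Returns one finding per deviation from the desired state; an empty list means compliant.
function Test-TsHardening {
    $findings = @()
    if ((Get-TsSetting $tsKey 'fDenyTSConnections') -eq 1) {
        $findings += 'Remote Desktop is disabled (fDenyTSConnections=1)'
    }
    $level = Get-TsSetting $rdpTcp 'MinEncryptionLevel'
    if ($level -lt $desired.MinEncryptionLevel) {
        $findings += "MinEncryptionLevel=$level ($($encNames[[int]$level])); want $($desired.MinEncryptionLevel) ($($encNames[$desired.MinEncryptionLevel]))"
    }
    foreach ($name in ($desired.Keys | Where-Object { $_ -ne 'MinEncryptionLevel' })) {
        $actual = Get-TsSetting $rdpTcp $name
        if ($actual -ne $desired[$name]) { $findings += "$name=$actual; want $($desired[$name])" }
    }
    # Slides 26 and 37: end-user access is granted only through Remote Desktop Users,
    # so any member outside the expected list is a finding.
    $members = net localgroup 'Remote Desktop Users' |
        Where-Object { $_ -and $_ -notmatch '^(Alias|Comment|Members|The command|-+)' }
    foreach ($m in $members) {
        if ($allowedRdpUsers -notcontains $m) { $findings += "unexpected member of Remote Desktop Users: $m" }
    }
    return $findings
}

# Writes the desired values and turns Remote Desktop on (slide 13 toggle).
function Set-TsHardening {
    foreach ($name in $desired.Keys) {
        Set-ItemProperty -Path $rdpTcp -Name $name -Value $desired[$name] -Type DWord
    }
    # The same switch WMIC or RDToggle flips. On Windows Server 2003 the class is in
    # root\cimv2; from Windows Server 2008 it lives in root\cimv2\TerminalServices:
    #   wmic /namespace:\\root\cimv2 path Win32_TerminalServiceSetting call SetAllowTSConnections 1
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0 -Type DWord
}

$findings = Test-TsHardening
if ($findings.Count -eq 0) { Write-Output 'RDP-Tcp listener is compliant' }
else { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
# Set-TsHardening   # uncomment to enforce; new sessions pick up the settings
```

If the same settings are delivered through Group Policy (slide 24), the policy copies under `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services` take precedence over the listener values this script reads, so an audit should check both locations and treat the policy value as authoritative when present.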

29. Enable the Internet Connection Firewall

30. Use strong passwords throughout your organization

31. Keep virus scanners up to date

32. Keep all software patches up to date

33. Use encryption (SSL) to secure connections to the Remote Desktop Web Connection site
– Protects the logon form and the ActiveX client download against TS spoofing
– SSL on the web site does not protect the RDP traffic itself (not yet, as of this talk)

34. Do not install Terminal Server on a domain controller (users would be executing code interactively on the DC, so any local privilege escalation becomes a domain compromise)

35. -- Enhanced Security Options --

36. Consider using a firewall

37. Use Restricted Groups policy to manage the Remote Desktop Users group at the domain or OU level

38. More info: Whitepapers
– Windows Server 2003 Terminal Server Security (published February 24, 2004)
– Locking Down Windows Server 2003 Terminal Server Sessions (published July 2003)

39. Consider using smart cards for strong authentication

40. Consider using a VPN tunnel to secure Terminal Services connections over the Internet

41. Consider using IPSec policy to secure Terminal Server communications over your network
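Slides 29, 36 and 41 are network controls around TCP 3389. As an added example (my own script, not from the presentation), the functions below first scope the host firewall exception to a management subnet and then require IPsec for inbound RDP, so an unauthenticated host on the network cannot even complete the TCP handshake and a sniffer sees only ESP. The management subnet is a constructed example. The commands use the `netsh firewall` and `netsh ipsec static` contexts of Windows XP SP2 / Windows Server 2003 SP1 as I remember them; verify the parameter names with `netsh ipsec static add rule /?` on the target before running, since a typo here leaves 3389 open rather than closed.

```powershell
# Added example: restrict and then IPsec-protect the RDP listener with netsh.
$mgmtSubnet = '10.10.0.0/255.255.0.0'   # assumption: admin workstations and the VPN concentrator

# Slides 29/36: firewall on, and the 3389 exception scoped to the management subnet only.
function Set-RdpFirewallScope {
    param([string]$Subnet)
    netsh firewall set opmode mode=ENABLE exceptions=ENABLE
    netsh firewall add portopening protocol=TCP port=3389 name=RemoteDesktop mode=ENABLE scope=CUSTOM addresses=$Subnet
}

# Slide 41: a negotiate-only filter action with no fallback to clear text (soft=no),
# Kerberos as the authentication method so that only domain members can talk to 3389.
function Set-RdpIpsecPolicy {
    netsh ipsec static add policy name=TS-RDP-IPsec description=Require_IPsec_for_inbound_RDP
    netsh ipsec static add filterlist name=RDP-Inbound
    netsh ipsec static add filter filterlist=RDP-Inbound srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes
    netsh ipsec static add filteraction name=Require-ESP action=negotiate inpass=no soft=no
    netsh ipsec static add rule name=RDP-Require-IPsec policy=TS-RDP-IPsec filterlist=RDP-Inbound filteraction=Require-ESP kerberos=yes
    netsh ipsec static set policy name=TS-RDP-IPsec assign=y
}

# Show the resulting state so the change can be checked before clients are told about it.
function Show-RdpNetworkState {
    netsh firewall show portopening
    netsh ipsec static show policy name=TS-RDP-IPsec
}

Set-RdpFirewallScope -Subnet $mgmtSubnet
Set-RdpIpsecPolicy
Show-RdpNetworkState
```

Apply this from the console or from a session that is itself inside the management subnet: the moment the policy is assigned, an existing RDP session from a host without a matching IPsec policy is cut off. Clients need the mirror-image policy (same filter, same Kerberos rule) assigned through Group Policy, which is the part of slide 41 that usually takes the longest.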

42. End

