Yeah, if you can get a password, it's a whole 'nother ball of wax. I'd love to see you hax0r Windows from the logon screen with nothing but a keyboard and mouse. It is DESIGNED to be exposed to (wherever) because it's made for REMOTE ACCESS. Care to explain this futher? It's a single port. If you have a kernel or application vulnerability, it is exploitable. the problem is this exposes machines and inbound ports that shouldn't be to the internet. Just forward the port on your firewall and you are all set. Quote:Originally posted by erratick:quote:Originally posted by 1966Ford:Remote desktop uses 128 bit encryption by default.
You only have to make sure your VPN system/enpoints are hardened, and usually they are designed that way.-E It might allow someone to rdp into the DMZ, but not into internal network or to other machines on the DMZ (private vlans on the DMZ right?).I like VPN then use apps (including RDP), reduces exposure.
COMPARE GOTOMYPC TO REMOTEPC PC
If you have a kernel or application vulnerability, it is exploitable.For a home user that patches all the time and has no valuable data on the PC or on the network, this might be an acceptable risk.The industry best practice 3 legged firewall with internal, dmz and external networks, wouldn't allow ports forwarded in to the internal network. Quote:Originally posted by 1966Ford:Remote desktop uses 128 bit encryption by default. Nmap finished: 1 IP address (1 host up) scanned in 5.359 seconds
COMPARE GOTOMYPC TO REMOTEPC MAC
MAC Address: XX:XX:XX:XX:XX:XX (Dell Computer) (The 1645 ports scanned but not shown below are in state: closed) 100% waste of time and hassle unless you need it to be on an alternate port for some reason, running nmap against one of our domain controllers that has RDP set to a different port due to our firewall, and in 5 Seconds nmap correctly identified the port as being microsoft remote desktopnmap.exe -sS 192.168.1.2 Quote:I normally change the defualt port RDP listens on, just to prevent anyone scanning for open remote desktop servers from attempting to connect.
0 kommentar(er)
