... is this true ? I'd very much like to know. Can anyone confirm? Because when encryption has no passphrase, it's merely encoding. ________________________________ De : Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Envoyé : 8 mars 2006 10:55 À : [ISAserver.org Discussion List] Objet : [isalist] RE: RDP SERVER http://www.ISAserver.org I don't know if this is [still] true or not but I've heard that RDP, regardless of server, uses the same key for encryption and even though you use high encryption for the RDP session, because that key is already known, someone could decrypt the traffic (gain your username and password). Most people will RDP through a VPN tunnel or create a website with an RDP ActiveX control on it that is accessed over HTTPS. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, March 08, 2006 5:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RDP SERVER http://www.ISAserver.org Either...your choice. Lots of security concerns with RDP......it's up to you to decide if it's secure enough for you. ________________________________ From: Raj [mailto:rajkishore.upadhyay@xxxxxxxxx] Sent: Wednesday, March 08, 2006 6:39 AM To: ISA Mailing List Subject: [isalist] RE: RDP SERVER http://www.ISAserver.org how shall I add as computer set or address range........... Guide me............ IS there any other security conceren related with RDP server On 3/8/06, Steve Moffat <steve@xxxxxxxxxx> wrote: http://www.ISAserver.org <http://www.isaserver.org/> yes ________________________________ From: Raj [mailto:rajkishore.upadhyay@xxxxxxxxx] Sent: Wednesday, March 08, 2006 5:52 AM To: ISA Mailing List Subject: [isalist] RDP SERVER http://www.ISAserver.org <http://www.isaserver.org/> can we make a rule on the ISA 2004 so that we could that the ISA will handle on the incoming request from a particular IP or a network.. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx