http://www.ISAserver.org ------------------------------------------------------- LOL -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, May 25, 2006 1:43 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: RDP/TLS [Thread Subject Change] http://www.ISAserver.org ------------------------------------------------------- The power of Tsu compels you The power of Tsu compels you The power of Tsu compels you... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Thursday, May 25, 2006 13:32 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: RDP/TLS [Thread Subject Change] http://www.ISAserver.org ------------------------------------------------------- Elvis is alive and HARDWARE FIREWALLS are from God. Man, don't you know anything? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Thursday, May 25, 2006 3:27 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: RDP/TLS [Thread Subject Change] > > http://www.ISAserver.org > ------------------------------------------------------- > > I was answering the original question regarding browser manglement if > ISA. > Regarding RDP MITM attacks, "it exists and is real" is just as valid > as saying "Elvis is alive". > Depending on who you ask, (n)either statement is worth worrying > about... > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G > Sent: Thursday, May 25, 2006 12:31 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: RDP/TLS [Thread Subject Change] > > http://www.ISAserver.org > ------------------------------------------------------- > > Jim, > > Thank you. :) Just to clarify your answers, though, you mean: > > No, you or Tom do not know of a KB article or TechNet article that > discusses RDP/TLS (SSL) and have no plans to know? > > Or > > No, Microsoft does not have a KB article or TechNet article that > discusses RDP/TLS and Microsoft has no plans to release such an > article? > > Follow up questions: > > Is RDP/TLS (SSL) only available with Windows Server 2003 SP1? > Is it true that Microsoft pulled RDP/TLS (SSL) from Windows Server > 2003 R2? > > The reason why I ask, and I know this is a sensitive topic, is because > a MITM attack against an RDP session using standard RDP encryption can > succeed in determining the username and password used to log onto a > server (Test Case: > Server - W2K3 SP1 Fully Patched; Client - WinXP SP2 Fully Patched). > Granted, this requires that the MITM attacker has access to either the > subnet of the client or the subnet of the server but the risk still > exists and is very real. > > The federal agencies I play a role in supporting are very concerned > about this. > > I'm just trying to perform all the due diligence I can and using > RDP/TLS seems like a very good solution to this issue for our current > environment. > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > ECNS Microsoft Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY MATERIAL and is thus for use only by the intended > recipient. If you received this in error, please contact the sender > and delete the e-mail and its attachments from all computers. > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Thursday, May 25, 2006 2:23 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: RDP/TLS [Thread Subject Change] > > http://www.ISAserver.org > ------------------------------------------------------- > > No, we don't. > No, we have no such plans. > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Young, Gerald G > Sent: Thursday, May 25, 2006 11:05 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] RDP/TLS [Thread Subject Change] > > http://www.ISAserver.org > ------------------------------------------------------- > > Tom, > > The clarification was fine. It just didn't answer the questions I had > asked is all. :) > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > ECNS Microsoft Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY MATERIAL and is thus for use only by the intended > recipient. If you received this in error, please contact the sender > and delete the e-mail and its attachments from all computers. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Thursday, May 25, 2006 1:57 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Browser based configurtaion > > http://www.ISAserver.org > ------------------------------------------------------- > > What didn't make sense? There's a big difference between tunneling and > encryption. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > > Sent: Thursday, May 25, 2006 12:18 PM > > To: ISA Mailing List > > Subject: [isalist] Re: Browser based configurtaion > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > It did, didn't it!...:) > > > > S > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Thor (Hammer of God) > > Sent: Thursday, May 25, 2006 2:12 PM > > To: ISA Mailing List > > Subject: [isalist] Re: Browser based configurtaion > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > That cleared it right up :-p > > > > t > > > > > > On 5/25/06 10:23 AM, "Thomas W Shinder" > <tshinder@xxxxxxxxxxx> spoketh > > > to > > all: > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > Hi Jerry, > > > > > > Its not really RDP over SSL/TLS, but rather TLS encryption > > of the RDP > > > channel. > > > > > > Tunneling RDP over a TLS (HTTP actually) is an entirely different > > > matter to be solved with Longhorn. > > > > > > HTH, > > > Tom > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > > > >> -----Original Message----- > > >> From: isalist-bounce@xxxxxxxxxxxxx > > >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of > Young, Gerald G > > >> Sent: Thursday, May 25, 2006 11:54 AM > > >> To: isalist@xxxxxxxxxxxxx > > >> Subject: [isalist] Re: Browser based configurtaion > > >> > > >> http://www.ISAserver.org > > >> ------------------------------------------------------- > > >> > > >> Tom, > > >> > > >> I've tried googling RDP/TLS and RDP/SSL but didn't find > much from > > >> Microsoft on this. From the articles that I did see, > > however, this > > >> requires Windows Server 2003 SP1. Another article > mentioned that > > >> Microsoft removed this from Windows Server 2003 R2 because this > > >> technology competed with a Citrix product. > > >> > > >> Do you or Jim happen to know if there is a KB article or TechNet > > >> article at Microsoft that discusses this? > > >> > > >> To confuse matters more, Microsoft apparently refers to > > this as RDP > > >> over SSL rather than TLS (the one Microsoft page I did > > find mention > > >> of this in was a What's New page for ISA Server 2004). > TLS is the > > >> successor for SSL so could that simply be because SSL is > > more widely > > >> used as a term? > > >> > > >> Cordially yours, > > >> Jerry G. Young II > > >> MCSE (4.0/W2K) > > >> Atlanta EES Implementation Team Lead ECNS Microsoft Engineering > > >> Unisys > > >> > > >> 11493 Sunset Hills Rd. > > >> Reston, VA 20190 > > >> Office: 703-579-2727 > > >> Cell: 703-625-1468 > > >> > > >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > >> PROPRIETARY MATERIAL and is thus for use only by the intended > > >> recipient. If you received this in error, please contact > > the sender > > >> and delete the e-mail and its attachments from all computers. > > >> > > >> -----Original Message----- > > >> From: isalist-bounce@xxxxxxxxxxxxx > > >> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >> On Behalf Of Thomas W Shinder > > >> Sent: Thursday, May 25, 2006 10:58 AM > > >> To: isalist@xxxxxxxxxxxxx > > >> Subject: [isalist] Re: Browser based configurtaion > > >> > > >> http://www.ISAserver.org > > >> ------------------------------------------------------- > > >> > > >> Hi Raj, > > >> > > >> No. Why not use RDP/TLS? Its just as secure. > > >> > > >> Tom > > >> > > >> Thomas W Shinder, M.D. > > >> Site: www.isaserver.org > > >> Blog: http://blogs.isaserver.org/shinder/ > > >> Book: http://tinyurl.com/3xqb7 > > >> MVP -- ISA Firewalls > > >> > > >> > > >> > > >>> -----Original Message----- > > >>> From: isalist-bounce@xxxxxxxxxxxxx > > >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of > Periyasamy, Raj > > >>> Sent: Thursday, May 25, 2006 9:11 AM > > >>> To: isalist@xxxxxxxxxxxxx > > >>> Subject: [isalist] Browser based configurtaion > > >>> > > >>> http://www.ISAserver.org > > >>> ------------------------------------------------------- > > >>> > > >>> I know that certain pre-installed ISA appliances proved > a browser > > >>> based interface to configure the ISA server. Is there > any way to > > >>> configure an out-of-the box ISA Server installation with > > a browser > > >>> interface? Any such feature available from Microsoft? > > >>> > > >>> Thanks. > > >>> > > >>> Regards, > > >>> Raj Periyasamy > > >>> MCSE(Messaging), CCNA > > >>> > > >>> > > >>> ------------------------------------------------------ > > >>> List Archives: //www.freelists.org/archives/isalist/ > > >>> ISA Server Newsletter: > > >> http://www.isaserver.org/pages/newsletter.asp > > >>> ISA Server Articles and Tutorials: > > >>> http://www.isaserver.org/articles_tutorials/ > > >>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>> ------------------------------------------------------ > > >>> Visit TechGenix.com for more information about our other sites: > > >>> http://www.techgenix.com > > >>> ------------------------------------------------------ > > >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>> > > >>> > > >>> > > >> ------------------------------------------------------ > > >> List Archives: //www.freelists.org/archives/isalist/ > > >> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >> ISA Server Articles and Tutorials: > > >> http://www.isaserver.org/articles_tutorials/ > > >> ISA Server Blogs: http://blogs.isaserver.org/ > > >> ------------------------------------------------------ > > >> Visit TechGenix.com for more information about our other sites: > > >> http://www.techgenix.com > > >> ------------------------------------------------------ > > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >> Report abuse to listadmin@xxxxxxxxxxxxx > > >> > > >> ------------------------------------------------------ > > >> List Archives: //www.freelists.org/archives/isalist/ > > >> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >> ISA Server Articles and Tutorials: > > >> http://www.isaserver.org/articles_tutorials/ > > >> ISA Server Blogs: http://blogs.isaserver.org/ > > >> ------------------------------------------------------ > > >> Visit TechGenix.com for more information about our other sites: > > >> http://www.techgenix.com > > >> ------------------------------------------------------ > > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >> Report abuse to listadmin@xxxxxxxxxxxxx > > >> > > >> > > >> > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx