[isalist] Re: RDP/TLS [Thread Subject Change]

• From: "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Thu, 25 May 2006 13:52:18 -0700

http://www.ISAserver.org
-------------------------------------------------------

LOL
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, May 25, 2006 1:43 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: RDP/TLS [Thread Subject Change]

http://www.ISAserver.org
-------------------------------------------------------
  
The power of Tsu compels you
The power of Tsu compels you
The power of Tsu compels you... 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Thursday, May 25, 2006 13:32
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: RDP/TLS [Thread Subject Change]

http://www.ISAserver.org
-------------------------------------------------------
  
Elvis is alive and HARDWARE FIREWALLS are from God.

Man, don't you know anything?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, May 25, 2006 3:27 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: RDP/TLS [Thread Subject Change]
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> I was answering the original question regarding browser manglement if 
> ISA.
> Regarding RDP MITM attacks, "it exists and is real" is just as valid 
> as saying "Elvis is alive".
> Depending on who you ask, (n)either statement is worth worrying 
> about...
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G
> Sent: Thursday, May 25, 2006 12:31
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: RDP/TLS [Thread Subject Change]
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Jim,
> 
> Thank you. :)  Just to clarify your answers, though, you mean:
> 
> No, you or Tom do not know of a KB article or TechNet article that 
> discusses RDP/TLS (SSL) and have no plans to know?
> 
> Or
> 
> No, Microsoft does not have a KB article or TechNet article that 
> discusses RDP/TLS and Microsoft has no plans to release such an 
> article?
> 
> Follow up questions:
> 
> Is RDP/TLS (SSL) only available with Windows Server 2003 SP1?
> Is it true that Microsoft pulled RDP/TLS (SSL) from Windows Server
> 2003 R2?
> 
> The reason why I ask, and I know this is a sensitive topic, is because

> a MITM attack against an RDP session using standard RDP encryption can

> succeed in determining the username and password used to log onto a 
> server (Test Case:
> Server - W2K3 SP1 Fully Patched; Client - WinXP SP2 Fully Patched).  
> Granted, this requires that the MITM attacker has access to either the

> subnet of the client or the subnet of the server but the risk still 
> exists and is very real.
> 
> The federal agencies I play a role in supporting are very concerned 
> about this.
> 
> I'm just trying to perform all the due diligence I can and using 
> RDP/TLS seems like a very good solution to this issue for our current 
> environment.
> 
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>  
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY MATERIAL and is thus for use only by the intended 
> recipient. If you received this in error, please contact the sender 
> and delete the e-mail and its attachments from all computers.
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Thursday, May 25, 2006 2:23 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: RDP/TLS [Thread Subject Change]
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> No, we don't.
> No, we have no such plans.
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Young, Gerald G
> Sent: Thursday, May 25, 2006 11:05
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] RDP/TLS [Thread Subject Change]
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Tom,
> 
> The clarification was fine.  It just didn't answer the questions I had

> asked is all. :)
> 
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>  
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY MATERIAL and is thus for use only by the intended 
> recipient. If you received this in error, please contact the sender 
> and delete the e-mail and its attachments from all computers.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Thursday, May 25, 2006 1:57 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Browser based configurtaion
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> What didn't make sense? There's a big difference between tunneling and

> encryption.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > Sent: Thursday, May 25, 2006 12:18 PM
> > To: ISA Mailing List
> > Subject: [isalist] Re: Browser based configurtaion
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > It did, didn't it!...:)
> > 
> > S
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thor (Hammer of God)
> > Sent: Thursday, May 25, 2006 2:12 PM
> > To: ISA Mailing List
> > Subject: [isalist] Re: Browser based configurtaion
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > That cleared it right up :-p
> > 
> > t
> > 
> > 
> > On 5/25/06 10:23 AM, "Thomas W Shinder" 
> <tshinder@xxxxxxxxxxx> spoketh
> 
> > to
> > all:
> > 
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > > 
> > > Hi Jerry,
> > > 
> > > Its not really RDP over SSL/TLS, but rather TLS encryption
> > of the RDP
> > > channel.
> > > 
> > > Tunneling RDP over a TLS (HTTP actually) is an entirely different 
> > > matter to be solved with Longhorn.
> > > 
> > > HTH,
> > > Tom
> > > 
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > 
> > >  
> > > 
> > >> -----Original Message-----
> > >> From: isalist-bounce@xxxxxxxxxxxxx 
> > >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
> Young, Gerald G
> > >> Sent: Thursday, May 25, 2006 11:54 AM
> > >> To: isalist@xxxxxxxxxxxxx
> > >> Subject: [isalist] Re: Browser based configurtaion
> > >> 
> > >> http://www.ISAserver.org
> > >> -------------------------------------------------------
> > >>   
> > >> Tom,
> > >> 
> > >> I've tried googling RDP/TLS and RDP/SSL but didn't find
> much from
> > >> Microsoft on this.  From the articles that I did see,
> > however, this
> > >> requires Windows Server 2003 SP1.  Another article
> mentioned that
> > >> Microsoft removed this from Windows Server 2003 R2 because this 
> > >> technology competed with a Citrix product.
> > >> 
> > >> Do you or Jim happen to know if there is a KB article or TechNet 
> > >> article at Microsoft that discusses this?
> > >> 
> > >> To confuse matters more, Microsoft apparently refers to
> > this as RDP
> > >> over SSL rather than TLS (the one Microsoft page I did
> > find mention
> > >> of this in was a What's New page for ISA Server 2004).  
> TLS is the
> > >> successor for SSL so could that simply be because SSL is
> > more widely
> > >> used as a term?
> > >> 
> > >> Cordially yours,
> > >> Jerry G. Young II
> > >>   MCSE (4.0/W2K)
> > >> Atlanta EES Implementation Team Lead ECNS Microsoft Engineering 
> > >> Unisys
> > >>  
> > >> 11493 Sunset Hills Rd.
> > >> Reston, VA 20190
> > >> Office: 703-579-2727
> > >> Cell: 703-625-1468
> > >> 
> > >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> > >> PROPRIETARY MATERIAL and is thus for use only by the intended 
> > >> recipient. If you received this in error, please contact
> > the sender
> > >> and delete the e-mail and its attachments from all computers.
> > >> 
> > >> -----Original Message-----
> > >> From: isalist-bounce@xxxxxxxxxxxxx 
> > >> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > >> On Behalf Of Thomas W Shinder
> > >> Sent: Thursday, May 25, 2006 10:58 AM
> > >> To: isalist@xxxxxxxxxxxxx
> > >> Subject: [isalist] Re: Browser based configurtaion
> > >> 
> > >> http://www.ISAserver.org
> > >> -------------------------------------------------------
> > >>   
> > >> Hi Raj,
> > >> 
> > >> No. Why not use RDP/TLS? Its just as secure.
> > >> 
> > >> Tom
> > >> 
> > >> Thomas W Shinder, M.D.
> > >> Site: www.isaserver.org
> > >> Blog: http://blogs.isaserver.org/shinder/
> > >> Book: http://tinyurl.com/3xqb7
> > >> MVP -- ISA Firewalls
> > >> 
> > >>  
> > >> 
> > >>> -----Original Message-----
> > >>> From: isalist-bounce@xxxxxxxxxxxxx 
> > >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
> Periyasamy, Raj
> > >>> Sent: Thursday, May 25, 2006 9:11 AM
> > >>> To: isalist@xxxxxxxxxxxxx
> > >>> Subject: [isalist] Browser based configurtaion
> > >>> 
> > >>> http://www.ISAserver.org
> > >>> -------------------------------------------------------
> > >>>   
> > >>> I know that certain pre-installed ISA appliances proved
> a browser
> > >>> based interface to configure the ISA server. Is there
> any way to
> > >>> configure an out-of-the box ISA Server installation with
> > a browser
> > >>> interface? Any such feature available from Microsoft?
> > >>> 
> > >>> Thanks.
> > >>> 
> > >>> Regards,
> > >>> Raj Periyasamy
> > >>> MCSE(Messaging), CCNA
> > >>> 
> > >>> 
> > >>> ------------------------------------------------------
> > >>> List Archives: //www.freelists.org/archives/isalist/
> > >>> ISA Server Newsletter:
> > >> http://www.isaserver.org/pages/newsletter.asp
> > >>> ISA Server Articles and Tutorials:
> > >>> http://www.isaserver.org/articles_tutorials/
> > >>> ISA Server Blogs: http://blogs.isaserver.org/
> > >>> ------------------------------------------------------
> > >>> Visit TechGenix.com for more information about our other sites:
> > >>> http://www.techgenix.com
> > >>> ------------------------------------------------------
> > >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > >>> Report abuse to listadmin@xxxxxxxxxxxxx
> > >>> 
> > >>> 
> > >>> 
> > >> ------------------------------------------------------
> > >> List Archives: //www.freelists.org/archives/isalist/
> > >> ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > >> ISA Server Articles and Tutorials:
> > >> http://www.isaserver.org/articles_tutorials/
> > >> ISA Server Blogs: http://blogs.isaserver.org/
> > >> ------------------------------------------------------
> > >> Visit TechGenix.com for more information about our other sites:
> > >> http://www.techgenix.com
> > >> ------------------------------------------------------
> > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > >> Report abuse to listadmin@xxxxxxxxxxxxx
> > >> 
> > >> ------------------------------------------------------
> > >> List Archives: //www.freelists.org/archives/isalist/
> > >> ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > >> ISA Server Articles and Tutorials:
> > >> http://www.isaserver.org/articles_tutorials/
> > >> ISA Server Blogs: http://blogs.isaserver.org/
> > >> ------------------------------------------------------
> > >> Visit TechGenix.com for more information about our other sites:
> > >> http://www.techgenix.com
> > >> ------------------------------------------------------
> > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > >> Report abuse to listadmin@xxxxxxxxxxxxx
> > >> 
> > >> 
> > >> 
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> > > 
> > 
> > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials: 
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> > 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] Re: RDP/TLS [Thread Subject Change]
    • From: Jim Harrison

Other related posts:

• » [isalist] RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]
• » [isalist] Re: RDP/TLS [Thread Subject Change]

1. Home
2. isalist
3. Archive
4. 05-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---