Re: Securing TS

• From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 12 Nov 2005 08:04:39 +1100

Yeah thats ssh tunneling which requires an open ssh port, your adding sh1t to 
the cart now.. Tom try a little tool (no pun intended) thor put me on to a 
while ago..fpipe from foundstone
 
greg

________________________________

From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx]
Sent: Sat 12/11/2005 7:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Securing TS



http://www.ISAserver.org


Yes I know that, it early and it's Friday, plus when you setup rdp over ssh 
tunneling you use 3389 as the source in putty because it's the other end of the 
connection! So :P



IMPORTANT Notice: The information contained in this e-mail, including any 
attachments or other embedded messages, is legally privileged and confidential 
and is intended only for the use of the individual or entity to whom it is 
addressed. If the reader of this message is not the intended recipient or an 
agent responsible for delivering it to the intended recipient, you are hereby 
notified that any viewing, dissemination, distribution, retransmitting, or 
copying of this e-mail message is strictly prohibited. If you have received 
and/or are viewing this e-mail in error, please notify the sender immediately 
by reply e-mail, and delete this and all copies of this communication from your 
systems. Thank you.


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Friday, November 11, 2005 11:43 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Securing TS

http://www.ISAserver.org

That's the *destination* port Mark, not the *source* port.  Big difference
;)

----- Original Message -----
From: "Mark Morgan" <MMorgan@xxxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, November 11, 2005 11:09 AM
Subject: [isalist] Re: Securing TS


http://www.ISAserver.org

 yes the client does allow you to use a different port all you need to do is
type the ip:port#  ie.. 192.168.1.1:55555


Thank You
Mark J Morgan
IS Coordinator

Palm Drive Hospital
501 Petaluma Ave. Sebastopol, Ca. 95472
Email:    mmorgan@xxxxxxxxxxxxxxxxxxxxx
Voice:    (707) 829-4242
Fax:       (707) 829-4112
Mobile    (707) 849-5576

IMPORTANT Notice: The information contained in this e-mail, including any
attachments or other embedded messages, is legally privileged and
confidential and is intended only for the use of the individual or entity to
whom it is addressed. If the reader of this message is not the intended
recipient or an agent responsible for delivering it to the intended
recipient, you are hereby notified that any viewing, dissemination,
distribution, retransmitting, or copying of this e-mail message is strictly
prohibited. If you have received and/or are viewing this e-mail in error,
please notify the sender immediately by reply e-mail, and delete this and
all copies of this communication from your systems. Thank you.


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Thursday, November 10, 2005 8:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Securing TS

http://www.ISAserver.org

Yes, if the RDP client allowed you to specify a source port, but it doesn't.
That's the buzz kill.  So, if you want to use my patented "source port
firewall rules" for MS RDP clients, you'll have to bounce it off a secondary
connection (like fport.)

t

----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, November 10, 2005 8:35 PM
Subject: [isalist] Re: Securing TS


http://www.ISAserver.org

Dude,

What do you mean by a secondary connection? Wouldn't just be a primary
connection with a specified source port to the alternate secondary port?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, November 10, 2005 10:30 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Securing TS
>
> http://www.ISAserver.org
>
> Publish on an alternate port, and change the name of the
> admin account on
> the box to prevent brute force attacks via RDP.
>
> If you have a savvy user, or if you can batch it up, publish
> rules not only
> based on the destination port, but the source port as well--
> that way you
> can bounce off of a secondary connection specifying source
> port and still
> not have to worry about "raw" publishing (without a secondary
> authentication
> method.)
>
> t
>
> ----- Original Message -----
> From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, November 10, 2005 8:21 PM
> Subject: [isalist] Securing TS
>
>
> http://www.ISAserver.org
>
>
> Any good tips on security TS on ISA 2004 Server?? Someone
> wants to setup
> TS to access their accounting package from home, since VPN will knock
> down their bandwidth (5Meg Down/800K UP) we decided that TS would be
> their best bet.
>
> Andrew
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mmorgan@xxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.12.8/166 - Release Date: 11/10/2005


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.0/167 - Release Date: 11/11/2005


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
mmorgan@xxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.0/167 - Release Date: 11/11/2005


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.0/167 - Release Date: 11/11/2005


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
greg@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » RE: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS
• » Re: Securing TS

1. Home
2. isalist
3. Archive
4. 11-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---