Active Topics
-
Porting apps to Leste (32)
to Maemo 7 / Leste by Arno_11 - 19 hrs, 7 mins ago -
[ANNOUNCE] CSSU-thumb thread - stable Thumb2 on N900 (2,264)
to Maemo 5 / Fremantle by panjgoori - 2 days, 13 hrs ago -
Full linux distros on Sailfish OS (254)
to SailfishOS by qoh - 3 days, 11 hrs ago - more...
|
2010-01-15
, 17:49
|
|
Posts: 472 |
Thanked: 442 times |
Joined on Sep 2007
|
#12
|
Originally Posted by colnago
A large companies bunker.
Depends on "whose bunker"...there's a couple of people with personal bunkers in their backyards, waiting for "the big day".
Either way, while the OP's idea is "nice to know", but there are just way too many issues to get into...for some situations. I had a good laugh though. Thoughts of SWAT teams with laser sights and 24hr coverage on FOX news were dancing through my head.
__________________
If you don't know how to check your N900's uptime, you probably shouldn't own it.
If you don't know how to check your N900's uptime, you probably shouldn't own it.
|
|
2010-01-15
, 17:52
|
|
Posts: 2,014 |
Thanked: 1,581 times |
Joined on Sep 2009
|
#13
|
While I might not agree with the technique - I do have to say thanks to OrangeBox for the howto. Its a vast improvement from the normal troll and in some circumstances may be a good solution for an individual etc.
Thanks OB
Thanks OB
__________________
Class .. : Power Poster, Potential Coder
Humor .. : [*********] Alignment: Chaotic Evil
Patience : [***-------] Weapon(s): +2 Logic Mace
Agro ... : |*****-----] Relic(s) : G1, N900
Class .. : Power Poster, Potential Coder
Humor .. : [*********] Alignment: Chaotic Evil
Patience : [***-------] Weapon(s): +2 Logic Mace
Agro ... : |*****-----] Relic(s) : G1, N900
| The Following User Says Thank You to Bratag For This Useful Post: | ||
|
|
2010-01-15
, 17:56
|
|
Posts: 518 |
Thanked: 160 times |
Joined on Dec 2009
|
#14
|
Originally Posted by Laughingstok
Fair enough, and justifiable enough. I was attempting to "humorously" make the point that, "that dog ain't gonna hunt", anywhere there are decent security measures in place....bunker locations included, be it corporate or fed., but more so at fed. Especially when you're at a site, leaning up against a server rack, and you realize your hand is covering a label that reads, "NORAD".
A large companies bunker.
|
|
2010-01-15
, 18:18
|
|
Banned |
Posts: 291 |
Thanked: 42 times |
Joined on Dec 2009
|
#15
|
Originally Posted by rewt
I disagree. This is how millions of Windows Servers are being administered around the world. When VPN is not an option, we usually lock down access for the source IP. This should work even for people who are on DSL at home since the IP does not change that often. Also username, password, domain name must be given.
Let's start with these points...
1. Opening RDP to the world, to administer from one remote device is a bad idea.
Originally Posted by rewt
Yes, by default is the key here. I let you write up a tutorial for the certificates ;-) to prevent MIMs
Let's start with these points...
2. Although RDP is encrypted, there is no verification of the server's identity by default - this makes it possible for man-in-the-middle attacks.
Originally Posted by rewt
And the point here is?
Let's start with these points...
3. AFAIK rdesktop doesn't support TLS, so enabling it to reduce the risk of a man-in-the-middle attack is not an option.
Originally Posted by rewt
PPTP is by far the easiest VPN configuration. Hope Maemo will add support to it. OTOH most mainstream firewalls allow you to connect via IPSEC and SSL-VPN in addition to PPTP.
Let's start with these points...
4. VPN is good. Off the top of my head, OpenVPN and vpnc (Cisco compatible VPN client) are both available for Maemo, so there is no reason not to use it.
|
|
2010-01-15
, 20:29
|
|
Posts: 150 |
Thanked: 93 times |
Joined on Oct 2009
@ Pennsylvania, US
|
#16
|
Originally Posted by OrangeBox
By people not concerned about security - inexperienced admins, generally. It's trivial to configure a VPN using OpenVPN (free), or even MS Routing and Remote Access (free with MS Server OS). It's not unusual these days for most firewalls to include some sort of VPN functionality. There is no excuse for exposing potentially insecure services such as this to the world these days. Even Microsoft advises to open as few ports to the world as possible. You never know what the next vulnerability in RDP will be, and based on a quick look through old KB articles remote code executions and denial of service attacks aren't out of the realm of possibilities.
I disagree. This is how millions of Windows Servers are being administered around the world. When VPN is not an option, we usually lock down access for the source IP. This should work even for people who are on DSL at home since the IP does not change that often. Also username, password, domain name must be given.
Originally Posted by OrangeBox
Even if they were told to do so and how, it would currently break access using rdesktop.
Yes, by default is the key here. I let you write up a tutorial for the certificates ;-) to prevent MIMs
Originally Posted by OrangeBox
The only way to verify the identity of the remote server is using TLS. TLS is not supported by rdesktop, therefore there is no way to mitigate MITM attacks. Tunneling the traffic through a VPN greatly reduces the likelihood of a MITM attack, though, which is another reason I advise against access RDP without any other security mechanisms in place.
And the point here is?
Originally Posted by OrangeBox
From what I can tell, MPPE support has not been built with the default Maemo kernel, so it'll take a bit of work to get a PPTP client up and running. Until then, there's nothing stopping you from using something else.
PPTP is by far the easiest VPN configuration. Hope Maemo will add support to it. OTOH most mainstream firewalls allow you to connect via IPSEC and SSL-VPN in addition to PPTP.
Last edited by rewt; 2010-01-15 at 20:39.
Either way, while the OP's idea is "nice to know", but there are just way too many issues to get into...for some situations. I had a good laugh though. Thoughts of SWAT teams with laser sights and 24hr coverage on FOX news were dancing through my head.