Solved

Remote Desktop Security

Posted on 2004-10-20
Medium Priority
256 Views
Last Modified: 2010-04-11
I have several servers and want to restrict what computers have access to those servers by NOT locking down clients. I run 2000 and 2003 over a Cisco backbone. Anything I can do like MAC address filtering over a port for a specific open RD port? Or some sort of MAC access list configured on the server to deny all connections except certain MAC addresses for Remote Desktop only (since we have DHCP and DNS servers)?
Question by:Fubyou
5 Comments
 
LVL 16

Expert Comment

by:OliWarner
ID: 12366269
MAC isn't secure... anybody who's anybody can change their MAC address...

Try implementing some kind of IPSEC authentication
 
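As an added example of the IPsec approach suggested above (this is not from the original thread), the following Windows Server 2003 batch script uses the netsh ipsec static context to require Kerberos-authenticated ESP for every inbound TCP/3389 connection. A client that cannot authenticate as a domain computer never completes the TCP handshake, whatever its IP or MAC address, which is what the question is really after. The policy, filter list, filter action and rule names (RDP-IPsec, RDP-Inbound, Require-ESP, Authenticate-RDP) are made up for illustration; the parameter names are from the 2003 netsh ipsec static syntax and should be confirmed on the target with "netsh ipsec static add filter ?" and friends before use.

```batch
@echo off
rem Added example, not from the original thread. Requires Kerberos-authenticated
rem IPsec (ESP) for inbound Remote Desktop on a Windows Server 2003 host.
rem All names below are illustrative; verify parameter spelling with
rem "netsh ipsec static add <command> ?" on the server before running.

rem 1. Policy container. activatedefaultrule=no leaves traffic that does not
rem    match our own filter list untouched.
netsh ipsec static add policy name="RDP-IPsec" description="Require machine authentication for Remote Desktop" activatedefaultrule=no

rem 2. Filter list: any source -> this host, TCP, any source port (0), dst 3389.
rem    mirrored=yes also covers the server's replies on the same connection.
netsh ipsec static add filterlist name="RDP-Inbound" description="Inbound Remote Desktop"
netsh ipsec static add filter filterlist="RDP-Inbound" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes description="TCP 3389 to this server"

rem 3. Filter action: negotiate ESP and never fall back to clear text
rem    (inpass=no, soft=no). Peers that cannot negotiate simply get nothing.
netsh ipsec static add filteraction name="Require-ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 4. Rule tying policy, filter list and action together, authenticating
rem    peers with Kerberos (domain computer accounts): no pre-shared key,
rem    no static IPs, no MAC addresses involved.
netsh ipsec static add rule name="Authenticate-RDP" policy="RDP-IPsec" filterlist="RDP-Inbound" filteraction="Require-ESP" kerberos=yes

rem 5. Assign the policy so it takes effect.
netsh ipsec static set policy name="RDP-IPsec" assign=y

rem Check what was created; after an allowed client connects, the quick mode
rem security associations can be listed with "netsh ipsec dynamic show qmsas".
netsh ipsec static show policy name="RDP-IPsec"
```

Only hosts that have a responding IPsec policy assigned (the built-in "Client (Respond Only)" policy is enough) and can obtain a Kerberos ticket will be able to negotiate, so scoping that client-side policy through Group Policy to the OU or security group of the permitted workstations is what turns "any domain member" into "these specific computers". Because the filter matches only destination port 3389, domain controller, DNS and DHCP traffic is unaffected. Test with a console or out-of-band path available, since assigning a negotiate-only rule to the port you administer over is an easy way to lock yourself out. Windows 2000 has no netsh ipsec context; the same policy is built there with the IP Security Policy MMC snap-in or the Resource Kit's ipsecpol.exe.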
LVL 3

Expert Comment

by:farpost
ID: 12366479
Do not filter by MAC, filter by IP addresses.
Create an inbound access list on your server interface; allow inbound connections to port 3389 (Remote Desktop) only from allowed client IPs.

Something like:

access-list 101 remark Remote Desktop: only the listed clients may reach the server on TCP 3389
access-list 101 permit tcp host 1.1.1.200 host 1.1.1.1 eq 3389
access-list 101 permit tcp host 1.1.1.201 host 1.1.1.1 eq 3389
access-list 101 deny tcp any any eq 3389
access-list 101 permit ip any any
! first match wins: the permits must precede the deny, and the final
! permit ip any any keeps all non-RDP traffic flowing

Where 1.1.1.1 is the server IP and 1.1.1.200, 1.1.1.201 are the client IPs.
 

Author Comment

by:Fubyou
ID: 12366727
IPs are dynamic and in some cases having a static IP is not possible.
Why an IP and not a MAC? Both can be spoofed.
 
LVL 3

Accepted Solution

by: farpost (earned 2000 total points)
ID: 12366766
Okay, you can solve this using Windows features:

Create a domain group and add the allowed computer accounts to the group.
Then open the 'Terminal Services Configuration' snap-in on the server, go to Properties of 'RDP-Tcp', go to Permissions. Remove the Users group and add your new group.
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 14324971
RDP just got less secure...
Cain & Abel v2.7.3 released
New features:
- RDPv4 session sniffer for APR
Cain can now perform man-in-the-middle attacks against the heavily encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side keystrokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (ARP Poison Routing) and other protocol weaknesses.
-rich
