Man In the Middle (MITM)??
Posted on 2006-11-15
Can you please answer a couple of questions about Man In the Middle (MITM)?
Background: I'm a Terminal Server (TS) admin for my company, and one of our directors is questioning the security of our TS users coming in through RDP. We have "High" 128-bit encryption enabled and good password policies in place, on Win2003 Server with all SPs and WUs. Our TS remote users are scattered and usually located in their client companies' offices. We have little control on their side, except for knowing that they're using RDC RDP supporting 128-bit.
1. Is MITM just a theoretical vulnerability, or do real threats exist? Have there ever been real attacks reported?
2. Does the attacker have to be somewhere nearby, physically near the source IP or target IP?
3. What communications are at risk: RDP, ICA, VNC, HTTPS, HTTP port 80, others? All others?
4. How do the big shops, like Schwab.com and Online banking protect themselves and their web browser customers?
5. On the surface, MITM reads like a serious vulnerability impacting all internet communications; I just can't believe it.
6. Is there a documented way to protect TS without going overly nuts?
Any links you can share will be helpful in my report; I tried to find web sites with documented information without much success.