remote desktop security
Remote Desktop Security
Raghav Chawla, Jon Ussery
Group 20
What is Remote Desktop?
- Remote administration software
- Runs on a foreign host's server
- Displayed locally
Motivation
- Very popular
- Increasingly mobile society
- Need to access home/work PCs
- Extremely vulnerable
- Easy to exploit these vulnerabilities
- Complete access
How Does it Work?
For Microsoft services:
- Terminal Services allow a user to access data and applications on a remote computer
- Different from app streaming, as computations are processed on the remote PC
History (Microsoft software)
- Terminal Services were introduced in Windows NT 4.0
- Vastly improved in Windows 2000
- Vista has new developments as well
- Clipboard
- Audio
Differences
- In client versions of the Windows OS, only one user can be logged in at a time
- In the server version, concurrent sessions are allowed
- Terminal Services provide for remote software access
In Action
- Runs on port 3389
- Includes ActiveX control
- Winlogon.exe authenticates the user
- Keyboard and mouse inputs are transmitted via a TCP connection
- Virtual Channels allow other devices to work (such as printers, audio, etc.)
Some Software Distributions
- Microsoft Remote Desktop Connection
- RealVNC
- TightVNC
- Apple Remote Desktop (for Apple PCs)
- GoToMyPC
Software Comparison
The Lab
- Hacking into remote desktop
- Remotely enabling remote desktop
- Multiuser remote desktop hack
- Hacking through a firewall
- Security measures
Hacking into Remote Desktop
- Transferred WinVNC files to the remote PC
- Used RegINI.exe to load data (password, socket connections) into the registry
- Installed VNC through the command prompt
Enable Remote Desktop via Network
- Use Regedit to connect to the Network registry
- Find the client machine on the network
- After a few registry edits, remote desktop functionality will be available
Multiuser Desktop Hack
- Booted Windows in safe mode
- Changed Terminal Services settings
- Replaced termsrv.dll files with alternate
Multiuser Hack (cont.)
- Changed some registry settings
- Finally, tweak Terminal Services settings
Hacking Through A Firewall
- Useful if port 3389 is blocked
- Used PuTTY to set up a tunnel for accessing the RDC server
Security Measures
- Limit users who can log on remotely
Security Measures (cont.)
- Set an account lockout policy
Security Measures (cont.)
- Require passwords and at least 128-bit encryption
- Run: %SystemRoot%\system32\gpedit.msc /s
Security Measures (cont.)
- Change the RDP port number
- Edit registry as follows: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
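
The security measures listed above can be verified on a host with a read-only audit. The PowerShell below is an added example, not part of the original slides; the value names fDenyTSConnections, PortNumber and MinEncryptionLevel, the Group Policy key and the English "Lockout threshold" label from net accounts are assumptions that do not appear on the slides.

```powershell
# Added example (not from the slides): read-only audit of the RDP settings
# the Security Measures slides say to harden. Run elevated, PowerShell 5.1+.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp    = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$deny = Get-RegValue $ts  'fDenyTSConnections'   # 0 = RDP enabled, 1 = disabled
$port = Get-RegValue $rdp 'PortNumber'           # listener port, 3389 by default

# Encryption level: 1 Low, 2 Client Compatible, 3 High (128-bit), 4 FIPS.
# A Group Policy value (set through gpedit.msc) overrides the listener value.
$level = Get-RegValue $policy 'MinEncryptionLevel'
if ($null -eq $level) { $level = Get-RegValue $rdp 'MinEncryptionLevel' }

# Accounts allowed to log on remotely: BUILTIN\Remote Desktop Users (well-known SID).
# Members of Administrators can also log on by default and are not listed here.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name)

# Lockout threshold from `net accounts`; the label match assumes an English-language OS.
$line      = net accounts | Where-Object { $_ -match 'Lockout threshold' }
$threshold = if ($line) { ($line -split ':\s*', 2)[1].Trim() } else { 'unknown' }

[pscustomobject]@{
    RdpEnabled         = ($deny -eq 0)
    Port               = $port
    EncryptionLevel    = $level
    Encryption128Bit   = ($level -ge 3)
    RemoteDesktopUsers = ($members -join ', ')
    LockoutThreshold   = $threshold
    LockoutConfigured  = ($threshold -notin 'Never', 'unknown')
} | Format-List
```

An RdpEnabled value of True on a machine where nobody turned Remote Desktop on is also the trace left by the remote registry edit described in the lab slides.
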
Other Tools
Loopback!
Any Questions?