Remote Desktop Security
Raghav Chawla, Jon Ussery
Group 20

What is Remote Desktop?
- Remote administration software
- Runs on foreign host's server
- Displayed locally

Motivation
- Very popular
- Increasingly mobile society
- Need to access home/work PCs
- Extremely vulnerable
- Easy to exploit these vulnerabilities
- Complete access

How Does it Work?
- For Microsoft services:
- Terminal Services allow a user to access data and applications on a remote computer
- Different from app streaming, as computations are processed on the remote PC

History (Microsoft software)
- Terminal Services were introduced in Windows NT 4.0
- Vastly improved in Windows 2000
- Vista has new developments as well
  - Clipboard
  - Audio

Differences
- In client versions of the Windows OS, only one user can be logged in at a time
- In the server version, concurrent sessions are allowed
- Terminal Services provide for remote software access

In Action
- Runs on port 3389
- Includes ActiveX control
- Winlogon.exe authenticates the user
- Keyboard and mouse inputs are transmitted via TCP connection
- Virtual Channels allow other devices to work (such as printers, audio, etc.)

Some Software Distributions
- Microsoft Remote Desktop Connection
- RealVNC
- TightVNC
- Apple Remote Desktop (for Apple PCs)
- GoToMyPC

Software Comparison

The Lab
- Hacking into remote desktop
- Remotely enabling remote desktop
- Multiuser remote desktop hack
- Hacking through a firewall
- Security measures

Hacking into Remote Desktop
- Transferred WinVNC files onto the remote PC
- Used RegINI.exe to load data (password, socket connections) into the registry
- Installed VNC through the command prompt

Enable Remote Desktop via Network
- Use Regedit to connect to the Network registry
- Find the client machine on the network
- After a few registry edits, remote desktop functionality will be available

Multiuser Desktop Hack
- Boot Windows in safe mode
- Changed Terminal Services settings
- Replaced termsrv.dll files with alternate

Multiuser Hack (cont.)
- Changed some registry settings
- Finally, tweak Terminal Services settings

Hacking Through A Firewall
- Useful if port 3389 is blocked
- Used PuTTY to set up a tunnel for accessing the RDC server

Security Measures
- Limit users who can log on remotely

Security Measures (cont.)
- Set an account lockout policy

Security Measures (cont.)
- Require passwords and at least 128-bit encryption
- Run - %SystemRoot%\system32\gpedit.msc /s

Security Measures (cont.)
- Change the RDP port number
- Edit registry as follows:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Other Tools

Loopback!

Any Questions?
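
An added example, not part of the original slides: a read-only PowerShell audit of the settings named on the Security Measures slides (who can log on remotely, account lockout, encryption level, RDP port). The value names `fDenyTSConnections`, `PortNumber` and `MinEncryptionLevel`, the Group Policy key path and the `OK`/`Review` labels do not appear on the slides and are assumptions of this example; it expects an elevated PowerShell 5.1+ session on an English-language Windows host.

```powershell
# Added example: read-only audit of the Remote Desktop settings from the Security Measures slides.
# Assumes an elevated PowerShell 5.1+ session on an English-language Windows host.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of throwing when the key or value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function New-Finding([string]$Check, $Value, [bool]$Pass, [string]$Advice) {
    $status = if ($Pass) { 'OK' } else { 'Review' }
    [pscustomobject]@{ Check = $Check; Value = $Value; Status = $status; Advice = $Advice }
}

# Remote Desktop accepts connections when fDenyTSConnections is 0.
$enabled = (Get-RegValue $ts 'fDenyTSConnections') -eq 0

# Listening port (3389 unless changed under the RDP-Tcp key).
$port = Get-RegValue $rdpTcp 'PortNumber'

# Encryption level: 1 = Low, 2 = Client Compatible, 3 = High (128-bit), 4 = FIPS.
# A value set through Group Policy takes precedence over the local one.
$enc = Get-RegValue $policy 'MinEncryptionLevel'
if ($null -eq $enc) { $enc = Get-RegValue $rdpTcp 'MinEncryptionLevel' }

# Accounts granted remote logon through the built-in group (Administrators are allowed as well).
$rdpUsers = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name

# Lockout threshold as reported by "net accounts"; "Never" means no lockout policy is set.
$lockout = if ((net accounts | Out-String) -match 'Lockout threshold:\s*(\S+)') { $Matches[1] } else { 'unknown' }

@(
    New-Finding 'RDP enabled' $enabled (-not $enabled) 'Turn off if remote access is not needed'
    # Moving the port only avoids default-port scans; it does not replace the other controls.
    New-Finding 'Listening port' $port ($null -ne $port -and $port -ne 3389) 'Slides suggest a non-default port'
    New-Finding 'Min encryption level' $enc ($enc -ge 3) 'Require High (128-bit) or FIPS'
    New-Finding 'Lockout threshold' $lockout ($lockout -match '^\d+$') 'Set an account lockout policy'
    # The member list is always flagged so a person confirms each account still needs access.
    New-Finding 'Remote Desktop Users' ($rdpUsers -join ', ') $false 'Limit to accounts that need remote logon'
) | Format-Table -AutoSize -Wrap
```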