  #1  
Old 01-21-2009, 04:21 PM
marilee
Revision3 Creative Director
 
Join Date: Sep 2007
Posts: 764
Status: Offline
Episode 423 - Securing Remote Desktop, Online Brute Forcing and Terminal Service Alternatives [Discussion]

Darren's back in the kitchen with an illustrated scenario of online brute forcing every systems administrator's beloved remote desktop. He whips up some home made chicken noodle soup and tosses on the ol' white hat for a talk about countermeasures and security best practices. Then Matt brings you a full featured and aggressively priced alternative to Microsoft's own Terminal Service. Do I hear cheap thin clients around the corner?

Watch or download now
  #2  
Old 01-22-2009, 12:10 AM
computoman
 
Posts: n/a

I liked this episode, it seems like the technolust was back again. I did not know that xpunlimited came out with a new version. Awesome. We used the older original version in conjunction with our Linux Terminal Server clients to access a MSWindows XP box way back when. I will definitely be looking into the new version again.


I love HP equipment also.
So buy HP
So buy Apple.

p.s. please show us how you do ssh tunneling.
  #3  
Old 01-22-2009, 01:11 PM
doxid
Member
 
Join Date: Dec 2006
Location: Sweden
Posts: 140
Status: Offline

Just started watching this ep,

I'll make a comment right away, the sound is WAY way too low in this ep :/
I use a Dell Optiplex GX620 at work and the built in speaker on the front.
And I can barely hear words at all from Darren :/
  #4  
Old 01-23-2009, 01:32 AM
jsc315
Member
 
Join Date: Aug 2008
Location: IL
Posts: 247
Status: Offline

Yea the sound seemed a little off.
  #5  
Old 01-26-2009, 11:33 AM
xfuuey
Elite Member
 
Join Date: Oct 2007
Location: Nashville, TN
Posts: 1,124
Status: Offline

Quote:
Originally Posted by DoXiD View Post
Just started watching this ep,

I'll make a comment right away, the sound is WAY way too low in this ep :/
I use a Dell Optiplex GX620 at work and the built in speaker on the front.
And I can barely hear words at all from Darren :/

ya, but those 620 speakers just suck anyway. we have about 200 of those in my building, and the users are constantly bitching about 'em
  #6  
Old 01-27-2009, 06:14 PM
n00b-nipple
Newbie
 
Join Date: Jan 2009
Posts: 3
Status: Offline
Show Critique

Well, I'm back. I've been out of circulation for a month and I am catching back up on Hak5.

I love the 720p video. A clear picture is just fabulous, especially on larger screens. While an HD format, I must say that the picture itself does not seem like a true 720p picture. There is a soft glow filter effect to the image. It's not objectionable. In fact, it is heavenly compared to the low quality YouTube-esque stuff you had been putting out. But, the image is not razor sharp. Is this a camera limitation or is this some other compression related distortion? Still, I love the new 720p format.

The sound in this episode was low and needed a +5 gain, minimum.

I rather like the "Dinner and a Movie" (http://www.tbs.com/movies/dinnerandamovie/) like segment with hacking and a dinner/drink recipe. But, it is unoriginal so, try to come up with your own unique concept. But, if you can't come up with something unique, keep what you've got; it works well.

Snubz antics in the background seemed rather double entendre, was that intentional, a Freudian slip or do I have a dirty mind?

I like where the show has gone. Keep up the good work.

Last edited by n00b Nipple : 01-27-2009 at 06:16 PM.
  #7  
Old 01-27-2009, 06:34 PM
n00b-nipple
Newbie
 
Join Date: Jan 2009
Posts: 3
Status: Offline
Terminal Service

Matt:

I'm afraid that you are a bit off about the terminal services licensing requirements. With terminal server installations, not only do you have to have the additional client licensing but, in the case of most commercial applications, you must also have additional licenses for each running instance of each application. e.g. If you have 5 users running Photoshop on your terminal server, then you had better have 5 licenses for Photoshop, as well as your 5 user terminal server licenses even if it is all one single installation. There is NO license cost savings with terminal services. In fact, most legal terminal server installations - including hardware, software and licensing - cost the same or more than the equivalent individual desktop installations.

Your savings is in management overhead. Instead of installing and maintaining 5 instances of an OS and its applications, you install a single copy of the OS and applications and 5 simultaneous users can utilize it. Likewise, updates are a one time affair at a centrally managed server. New applications are a single server installation away rather than visiting 5 workstations.

Also, Microsoft Terminal services, by default, may allow 5 Administrators to connect without additional licensing but, not even one regular user can connect without additional terminal server licenses.

Finally, XPUnlimited is a great little program. But, contrary to their website's claims, they are most definitely violating the MS EULA. You would have to be crazy to put an XPUnlimited installation inside a U.S. business because you are in clear violation of Microsoft's license.

How then does XPUnlimited get away with it? First, they are in The Netherlands, somewhat beyond Microsoft's sphere of easy domineering influence. Second, they are still so small as to not be worth the effort of international legal proceedings, if Microsoft are even aware of them yet. You, in Virginia, on the other hand are ripe for the BSA.
  #8  
Old 01-28-2009, 12:40 AM
gigahacker
Newbie
 
Join Date: Jan 2009
Posts: 2
Status: Offline
Help with TS Grinder

OK so I unpacked TS Grinder into a temp folder. I had to shut off the anti-virus as it didn't like the software. Anyway, I have a home network with a terminal server running on my Windows 2000 server box. When running TS Grinder on an XP box it would call RDP but it never filled in the user name or password into the form. Therefore the terminal never returned and grinder reported a TIMEOUT. Any ideas why it would not type the user name? Should I be able to see TS Grinder type into the form or is it passed with the call to RDP?

Also is there a place to get a complete 'dict' file so I don't have to make my own?
  #9  
Old 01-28-2009, 09:46 AM
computoman
 
Posts: n/a

Quote:
Originally Posted by n00b Nipple View Post
Matt:

I'm afraid that you are a bit off about the terminal services licensing requirements. With terminal server installations, not only do you have to have the additional client licensing but, in the case of most commercial applications, you must also have additional licenses for each running instance of each application. e.g. If you have 5 users running Photoshop on your terminal server, then you had better have 5 licenses for Photoshop, as well as your 5 user terminal server licenses even if it is all one single installation. There is NO license cost savings with terminal services. In fact, most legal terminal server installations - including hardware, software and licensing - cost the same or more than the equivalent individual desktop installations.

Your savings is in management overhead. Instead of installing and maintaining 5 instances of an OS and its applications, you install a single copy of the OS and applications and 5 simultaneous users can utilize it. Likewise, updates are a one time affair at a centrally managed server. New applications are a single server installation away rather than visiting 5 workstations.

Also, Microsoft Terminal services, by default, may allow 5 Administrators to connect without additional licensing but, not even one regular user can connect without additional terminal server licenses.

Finally, XPUnlimited is a great little program. But, contrary to their website's claims, they are most definitely violating the MS EULA. You would have to be crazy to put an XPUnlimited installation inside a U.S. business because you are in clear violation of Microsoft's license.

How then does XPUnlimited get away with it? First, they are in The Netherlands, somewhat beyond Microsoft's sphere of easy domineering influence. Second, they are still so small as to not be worth the effort of international legal proceedings, if Microsoft are even aware of them yet. You, in Virginia, on the other hand are ripe for the BSA.

You may also need back office licences for each client. Let's see OS License for the server, OS License for the client. Multi user Application License for the program being used. Backoffice license to access the server. Terminal server client license to run the client. Five licenses required to run one program from a server. That is not even including the licenses for virus detection and spyware prevention for both the client and server. Talk about a racket.

People wonder why companies are having financial problems. Guess who has been sucking all the money. My understanding is that some EULAs are now being challenged in the courts as being not reasonable. There are a lot of open source remote desktop clients that have never been challenged by Microsoft in needing licenses to use them from what little I know about it. The Supreme Court has found that you can modify or use your software anyway you want to meet your needs. Since technically the xpunlimited software is not from Microsoft there can be some room for discussion on what licenses are needed.

Our MSWindows servers have been replaced with open source. We now have an XWindows terminal server instead and to my knowledge it does not run on or require any software from a company in Redmond Washington. Open source software will eventually may make the BSA virtually moot. For a collectors item, I still do have an old "licensed" nt server with backoffice on an old p1 just for grins but we have not used it in forever and it may not last long either. Someone threatening action from the BSA will not win MS any more customers. For sure it will do the opposite. I know I was tired of alleged bullying tactics. How many people is MS laying off??? Has or has not MS been found to be a monopoly?

Last edited by computoman : 01-28-2009 at 10:49 AM.
  #10  
Old 01-29-2009, 01:27 PM
sembazuru
Member
 
Join Date: Aug 2008
Location: Philadelphia, PA
Posts: 140
Status: Offline
Terminal Service

The terminal service (with 5 users on the free trial-ware version) from .nl sounds like an interesting idea for families. Have a big-honking machine in the "center" of the house, and everyone uses their netbook as a thin client to it. <tease>And mebby Darren would finally have a viable use for his netbook.</tease>

Thoughts?
All times are GMT.



© 2005-2010 Revision3 Corporation