Reply to post: Re: .NET 4.0.30319

This page is currency unavailable... Travelex scrubs UK homepage, kills services, knackers other sites amid 'software virus' infection

[VtS]Alf

Re: .NET 4.0.30319

I think, my point still stands. I just checked the CVE database with a few searches (queried ‘Cisco ASA’, ‘Microsoft RDP’, ‘Microsoft Remote Desktop’, ‘Microsoft Terminal Server’ and the results for Cisco for 2019 were 28 and for MS the last CVE was from 2017.

Also, the RDS server can be configured just as easily with certificates and 2FA (Who doesn’t remember our RSA tokens which generated a new code every x seconds?).

And that should be the way to configure it when you’d expose 3389 directly to the internet. But just stating that it is unsafer to expose 3389 to the www, instead of a VPN port is incorrect I think.

Ofcourse I don’t expose 3389 to the outer world and we use a VPN solution for our users. Seeing the CVE list, we might ask ourselves if it isn’t safer even.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020