Who is at Fault?

thwr

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

Net Runner

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

scottalanmiller

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

thwr

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

JaredBusch

@thwr said in Who is at Fault?:

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

Same thing still happens though. Just there is all but no risk of a successful access, because of the certificate base.

thwr

@jaredbusch said in Who is at Fault?:

@thwr said in Who is at Fault?:

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

Same thing still happens though. Just there is all but no risk of a successful access, because of the certificate base.

That's the point. It's a whole different story

Dashrender

@thwr said in Who is at Fault?:

@jaredbusch said in Who is at Fault?:

@thwr said in Who is at Fault?:

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

Same thing still happens though. Just there is all but no risk of a successful access, because of the certificate base.

That's the point. It's a whole different story

Really, are you saying that RDP with a good password is less secure than a VPN with a good password?

I'm not sure you can do RDP auth based on certificate?

thwr

@dashrender said in Who is at Fault?:

@thwr said in Who is at Fault?:

@jaredbusch said in Who is at Fault?:

@thwr said in Who is at Fault?:

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

Same thing still happens though. Just there is all but no risk of a successful access, because of the certificate base.

That's the point. It's a whole different story

Really, are you saying that RDP with a good password is less secure than a VPN with a good password?

I'm not sure you can do RDP auth based on certificate?

I wouldn't even start this kind of discussion. Do you really think that someone who puts RDP into the wild and got hacked (probably by brute force and weak passwords) really cares about client certificates? I doubt that.

Dashrender

@thwr said in Who is at Fault?:

@dashrender said in Who is at Fault?:

@thwr said in Who is at Fault?:

@jaredbusch said in Who is at Fault?:

@thwr said in Who is at Fault?:

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

Same thing still happens though. Just there is all but no risk of a successful access, because of the certificate base.

That's the point. It's a whole different story

Really, are you saying that RDP with a good password is less secure than a VPN with a good password?

I'm not sure you can do RDP auth based on certificate?

I wouldn't even start this kind of discussion. Do you really think that someone who puts RDP into the wild and got hacked (probably by brute force and weak passwords) really cares about client certificates? I doubt that.

MS publishes RDP directly on the internet - this is my point. So taking certs out of the conversation - are you saying MS is crazy?

thwr

@dashrender said in Who is at Fault?:

@thwr said in Who is at Fault?:

@dashrender said in Who is at Fault?:

@thwr said in Who is at Fault?:

@jaredbusch said in Who is at Fault?:

@thwr said in Who is at Fault?:

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

@scottalanmiller said in Who is at Fault?:

@net-runner said in Who is at Fault?:

@thwr said in Who is at Fault?:

Someone exposed RDP on the firewall? Are you serious? Put a VPN tunnel in front for remote access.

This! Forwarding sensitive stuff like RDP to WAN is just... you know. You can try doing this, however, to see how thousands of brute connections (mostly Chinese IPs) start to initiate within a couple of minutes. Looks pretty scary

Same thing happens to exposed VPNs

I won't compare a certificate based VPN with RDP

Same thing still happens though. Just there is all but no risk of a successful access, because of the certificate base.

That's the point. It's a whole different story

Really, are you saying that RDP with a good password is less secure than a VPN with a good password?

I'm not sure you can do RDP auth based on certificate?

I wouldn't even start this kind of discussion. Do you really think that someone who puts RDP into the wild and got hacked (probably by brute force and weak passwords) really cares about client certificates? I doubt that.

MS publishes RDP directly on the internet - this is my point. So taking certs out of the conversation - are you saying MS is crazy?

I'm talking about this specific scenario here, not RDP in general.

Dashrender

This scenerio is the fault of:

• IT for giving the user local admin,
• the local user for allowing a remote person to create a local account
• the local user for not checking the password requirements for that account
• the remote support for using a shit password
• the remote support for allowing use to have access to RDP (assuming it wasn't needed)