240 likes | 743 Views
Remote Desktop Security. Raghav Chawla, Jon Ussery Group 20. What is Remote Desktop?. Remote administration software Ran on foreign host’s server Displayed locally. Motivation. Very popular Increasingly mobile society Need to access home/work PCs Extremely vulnerable
E N D
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20
What is Remote Desktop? • Remote administration software • Ran on foreign host’s server • Displayed locally
Motivation • Very popular • Increasingly mobile society • Need to access home/work PCs • Extremely vulnerable • Easy to exploit these vulnerabilities • Complete access
How Does it Work? • For Microsoft services: • Terminal services allow user to access data and applications on a remote computer • Different than appstreaming, as computations are processed on remote pc
History (Microsoft software) • Terminal services were introduced in Windows NT 4.0 • Vastly improved in Windows 2000 • Vista has new developments as well • Clipboard • Audio
Differences • In client versions of Windows OS, only one user can be logged in at a time • In the server version, concurrent sessions are allowed • Terminal Services provide for remote software access
In Action • Runs on port 3389 • Includes ActiveX control • Winlogon.exe authenticates user • Keyboard and mouse inputs are transmitted via TCP connection • Virtual Channels allow other devices to work (such as printers, audio, etc.)
Some Software Distributions • Microsoft Remote Desktop Connection • RealVNC • TightVNC • Apple Remote Desktop (for Apple pc’s) • GoToMyPC
The Lab • Hacking into remote desktop • Remotely Enabling remote desktop • Multiuser remote desktop hack • Hacking through a firewall • Security measures
Hacking into Remote Desktop • Transferred WinVNC files on remote pc • Used RegINI.exe to load data (password, socket connections) into registry • Installed VNC through command prompt
Enable Remote Desktop via Network • Use Regedit to connect to the Network registry
Find client machine on network • After a few registry edits, remote desktop functionality will be available
Multiuser Desktop Hack • Boot Windows in safe mode • Changed terminal services settings • Replaced termsrv.dll files with alternate
Multiuser Hack (cont.) • Changed some registry settings • Finally, tweak Terminal Services settings
Hacking Through A Firewall • Useful if port 3389 is blocked • Used Putty to setup a tunnel for accessing RDC Server
Security Measures • Limit users who can log on remotely
Security Measures (cont.) • Set an account lockout policy
Security Measures (cont.) • Require passwords and at least 128-bit encryption • Run - %SystemRoot%\system32\gpedit.msc /s
Security Measures (cont.) • Change the RDP port number • Edit registry as follows: • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp