Overclockers Australia Forums

28th March 2012, 5:21 AM   #76
j3ll0
Member
Join Date: Jul 2005
Posts: 4,317

Quote:
Originally Posted by StratosFear
I had someone who had the email signature "Head of IT" (I'm not even kidding) blast me just last week because I needed access to his server and he had RDP locked down by IP. I happened to be working from home (one of the many advantages of my job) so I gave him my home IP. He got back to me the next Monday when I was in the office asking me to connect so I told him I couldn't unless he allows access to my Work IP. He went absolutely crazy at me. How dare I give him a personal IP to allow access via RDP. It's these customers you just want to slap across the face.

Not picking a fight with you, but going through a nice proper change control process to make a change on a firewall to allow access from the Interwebz to RDP SHOULD take some time. I don't know your customers, but taking some time to get that change through wouldn't make me want to slap anyone.

.
__________________
Quote:
Originally Posted by Sir Winton Turnbull
"I am a Country member".
Quote:
Originally Posted by Gough Whitlam
"We remember!".
Vale Gough.

28th March 2012, 8:03 AM   #77
nimmers
Member
Join Date: Dec 2005
Location: Sydney
Posts: 789

Quote:
Originally Posted by Iceman
Actually, apart from being sensitive to fragmentation, it's a pretty good protocol that, for being around as long as it has, does not have a huge number of flaws.

So it's OK in 2012 to have networked services exposed to the internet and running as root?

Everyone except Microsoft worked out this kind of thing is a bad idea a long time ago. It took this for them to actually change it for the better.

28th March 2012, 8:27 AM   #78
yoink
Member
Join Date: Feb 2002
Posts: 3,189

Quote:
Originally Posted by StratosFear
<snip>
I had someone who had the email signature "Head of IT" (I'm not even kidding) blast me just last week because I needed access to his server and he had RDP locked down by IP. I happened to be working from home (one of the many advantages of my job) so I gave him my home IP. He got back to me the next Monday when I was in the office asking me to connect so I told him I couldn't unless he allows access to my Work IP. He went absolutely crazy at me. How dare I give him a personal IP to allow access via RDP. It's these customers you just want to slap across the face.

One question though: shouldn't you be securely RDP'ing into your work over VPN first, and THEN get to the customer's RDP?
__________________
Over 200 trades and counting!

BatteryFree Mouse! Where is your avatar? Fake Memory Cards Paxjs vobiscum!

28th March 2012, 9:34 AM   #79
ra66it
Member
Join Date: Oct 2007
Location: Melbourne
Posts: 821

I have RDP locked down to specific IPs and also VPN access for senior staff on dynamic IP.

One consultant engaged for a short-term project got really shitty about the RDP lockdown and had the audacity to suggest that it was overkill, nobody gets hacked via RDP, and I didn't need it etc. Tried to go over my head to one of the directors.

28th March 2012, 2:34 PM   #80
Iceman
Member
Join Date: Jun 2001
Location: Brisbane (nth), Australia
Posts: 6,484

Quote:
Originally Posted by nimmers
So it's OK in 2012 to have networked services exposed to the internet and running as root?

Everyone except Microsoft worked out this kind of thing is a bad idea a long time ago. It took this for them to actually change it for the better.

You're confusing the service/protocol with both the default implementation and the framework in which it's implemented.
__________________
_,`,_,`,_,`,_

WTB: Cisco 1801-M PM me
Please rehash my posts and pass them off as your own ideas! Triple points for doing it in the same page of the thread. Plagiarism is the sincerest form of copyright infringement.

28th March 2012, 3:53 PM   #81
FiShy
Member
Join Date: Aug 2001
Posts: 9,104

I encap all my RDP in SSH, mostly for shits and giggles.
__________________
Quote:
Originally Posted by PabloEscobar View Post
With all this Man Dating around... you'd think The Liberals were pro gay-marriage...
Quote:
Originally Posted by PabloEscobar View Post
hotsexyseamen.com

28th March 2012, 7:23 PM   #82
Daemon
Member
Join Date: Jun 2001
Location: bne.qld.au
Posts: 3,675

Quote:
Originally Posted by Iceman
You're confusing the service/protocol with both the default implementation and the framework in which it's implemented.

That's OK, Microsoft got all this confused as well.

On a positive note, I haven't heard of too many instances where this RDP exploit has caused many problems. With only 443 bytes required to crash a system I was expecting a few thousand attempts from zombie PCs.
__________________
Fixing the internet... one cloud at a time.

29th March 2012, 8:15 AM   #83
StratosFear
Member
Join Date: Jun 2001
Location: Melbourne, Australia
Posts: 7,709

Quote:
Originally Posted by j3ll0
Not picking a fight with you, but going through a nice proper change control process to make a change on a firewall to allow access from the Interwebz to RDP SHOULD take some time. I don't know your customers, but taking some time to get that change through wouldn't make me want to slap anyone.

.

It wasn't the time taken that was the issue. He was adamant that giving my home IP access to his server via RDP was a huge security risk rather than giving my work connection access.

If anything, it is more secure as you're only giving me access rather than the 1000 computers sitting on my work network.

All times are GMT +10.