Unable to RDP (PFSense)
-
@johnpoz said in Unable to RDP (PFSense):
specific link
Ok for specific : this one, just a couple of hours ago : https://nakedsecurity.sophos.com/2019/06/06/microsoft-dismisses-new-windows-rdp-bug-as-a-feature/
That page shows some info already.
Google Microsoft RDP and you'll be a happy man.I found the subject myself because I do have (yes, I do !) a XP system alive **.
I received an update .... => that made me really curious.
I learned that XP and Vista were patched - or these OS's are declared 'dead' many years ago - even my favourite "7 Pro" will step back in about 10 months. I don't know what to do in the future : Microsoft scares the hell out of me with there recent desktop OS's. I guess I still have to maintain this paper with all my "tips tricks hacks".** to replace them with Windows 10 Pro ? I've got a spare Pc @home, a 'powerful' PC (Dell XPS 8800 / SSD /2 HD's / 16 Gb / Nvidia 1070 / whatever ) - it plays x-Plane 11 rather descent.
But when Windows pops up with an update - or worse, it tells me it had installed an update, so, up to us to hunt down the "what is broken now" ?
Just this week : "10" came out with a new massive update : I saw with my own eyes a low-bud portable, branded "Ok for 10" : it went 'dark for more the 12 hours while 'updating' : the owner (no me) though it was dead ..... I advised him to leave it in a corner, and check back on it "tomorrow or so". It actually did ....On my big PC this update (also called May 1903) took close to one hour ...... wtf !
Sorry for going out-of-subject.
-
https://forum.netgate.com/topic/143948/more-details-about-bluekeep-the-microsoft-rdp-vulnerability
Microsoft's RDP is so flawed that actually the NSA is begging admins to patch their systems immediately.
There is no scenario where you would want to expose RDP to public access (unless you want to become a malware hub).
-
@jahonix said in Unable to RDP (PFSense):
There is no scenario where you would want to expose RDP to public access (unless you want to become a malware hub).
Completely agree.. .But there is MS docs about using it to access your systems in the cloud, etc.
-
I imagine they would have you restrict the source network first.
-
exposing pfsense webUI to the internet should not be considered as an option at all if you are already have a public ip that accessible from the internet you are few clicks a way from setting up openvpn on pfsense. it's really easy it's even got a wizard.
you can even setup 2 factor auth with it using freeRadius for extra security.
dude I'm paranoid about opening port on my lan let alone the WAN. -
@KOM said in Unable to RDP (PFSense):
you restrict the source network first.
You would sure hope so!! But how many have it open so mobile users can access, etc. etc.
-
I don't get the point what's the problem with setting up some VPN RAS and hide all services behind it.
Depending on User size the work is 5min/5hrs/5 days.
With someone taking down your whole network encrypting everything and your work is 5 weeks to 5 months...maybe your company is dead then.-Rico
-
In my experience, the problem isn't so much that installing & configuring OpenVPN is hard. It's not. The problem is getting your users to accept that this is how to connect now with them whining endlessly, especially if those whining users are senior management. You tell them the risks and they go "Ya ya ya whatever give me my RDP!" Of course, if your network gets owned and goes down, those same idiots will be stomping on your head as why this happened and why didn't you do something about it beforehand.
-
@KOM lol i totally understand these types of people.
normally i just outsmart them by telling them that this is the only way to do it.
i always argue with my manager that don't tell me how to fix your problem, just tell me your problem i will fix it and don't ask me how i fix it.
this is because in most cases the don't have any knowledge about networking. -
True words.
But if network security is (part) of my business my job is also to convince those idiots. My network my Rules.
So what could be the worst case? Fired by a non-tech head chief telling me how to run the network? Sure go ahead, I don't want to make this job then.-Rico
-
@Abdrouf4995 said in Unable to RDP (PFSense):
this is because in most cases the don't have any knowledge about networking.
That's never stopped a manager from giving his opinions before I have personally argued several times with someone who never learns that intra-LAN traffic doesn't hit the firewall. He doesn't know what a gateway is for, and yet he argues with me as if he had a clue. He is the poster boy for Dunning-Kruger Effect:
"Incompetent people, the researchers found, are not only poor performers, they are also unable to accurately assess and recognize the quality of their own work. These low performers were also unable to recognize the skill and competence levels of other people, which is part of the reason why they consistently view themselves as better, more capable, and more knowledgeable than others."