The Not So Secret Security Risks of RDP (Presentation Virtualization)
Microsoft is getting big into the virtualization game. While most Microsoft network admins are aware of Virtual Server 2005 R2 and Virtual PC, Microsoft has several other virtualization products that are currently available or in the works. However, before getting to Microsoft's virtualization offerings, it's worth thinking about the types of virtualization products that are available.
Most of us think of virtualization as operating system virtualization. Examples of products that provide operating system virtualization are Virtual Server 2005 R2, Virtual PC, VMware Workstation and Server (including ESX Server) and the upcoming Hyper-V, which will be the server virtualization included in Windows Server 2008.
But there are other types of virtualization. These are:
- Presentation Virtualization
- Application Virtualization
Presentation virtualization is where a desktop environment running on one machine is presented to another machine. Remote Desktop and Terminal Services are examples of presentation virtualization. Application virtualization is where individual applications actually run on one computer and are streamed to another computer. Examples of application virtualization include Microsoft SoftGrid and Windows Server 2008 Terminal Services RemoteApp.
Application virtualization is an important security advance. Why? Because of the risks of full presentation virtualization. Think about it. When you allow remote access to a full Remote Desktop or Terminal Services session, you're allowing access to a full-featured desktop platform and everything that a full desktop platform can do. What if an intruder is able to gain access to a FULL DESKTOP environment and take advantage of everything that a full desktop environment can do? It would be a security nightmare. Think of how easy it would be for an attacker to gain whatever information he wanted if he had full control of a desktop within your network.
Now you might say "well, we require authentication and authorization, and users aren't allowed to run as admin". That's true, but think about how easy it is to get user passwords or smart cards. Theft takes care of the smart card problem, and social engineering can take care of both the smart card and PIN or password issue. Once the attacker gains access to these credentials, it's party time for the attacker, and it's your network hosting the attacker's party.
This is why I never allow full presentation virtualization (Remote Desktop or Terminal Server) to average users. They don't need it, so they don't get it. However, they do need access to data. How do you provide this access? Use a VPN server with strong firewall access controls (like what you can do with an ISA Firewall VPN server) or use an SSL VPN gateway, like the Microsoft IAG.
Or -- use the upcoming Windows Server 2008 Terminal Server RemoteApps or SoftGrid. Both of these provide users access to applications they need to do their work, and can also provide them with access to the information they need to use with those applications. Remember, the Holy Grail is least privilege. If users need remote access to applications, then give them access to the applications. But don't give them any more than that.
Thomas W Shinder, M.D.
MVP - Microsoft Firewalls (ISA)