Thread: Remote Desktop - How to access the remote drive locally ?
View Single Post
  #7  
Old March 18th 15, 09:38 PM posted to microsoft.public.windowsxp.help_and_support
R.Wieser
external usenet poster
  
Posts: 1,302
Default Remote Desktop - How to access the remote drive locally ?
David,

Huh ?

Well, this is what it looks to me: The Remote computer is allowed, because
of the necessity of copying, access to a drive on the client machine. As
I've not seen any restrictions to that this means that the remote machine
can read, write and alter anything on that drive.

Now if the remote machine is infected with anything, isn't that (the
attached drive) the perfect place to see if any files/executables can be
found to store some viri-offspring in ?

However onnce the tunnel has been created based upon
authentication, it is possible that malware can be passed
through the tunnel.

Yes, thats always a possibility. But do we really need to open the barn
doors for any viri that are in search for files to infect by giving the
remote machine full access to our/a local drive ?

In other words, its not about which port the data is coming thru, or how
many bits the encryption key is. Its way simpler to exploit than that.

If you know anything that proves me wrong than please do so, as I do now not
at all feel at ease using Remote Desktop.

Regards,
Rudy Wieser


-- Origional message:
David H. Lipman schreef in berichtnieuws
...

Huh ?

No. First you can change the XDaemon port from TCP port 3389 to another,
unepected, port. Secondly you should the TCP connection as a tunnel where
the screen, keystrokes, mouse movements, sound, etc., and files travel
through. This tunnel uses encryption and authentication. Malware is not
sophiticated enough to "worm" through RDP. However onnce the tunnel has
been created based upon authentication, it is possible that malware can be
passed through the tunnel. This is a case of what is called the "Insider
Threat" and would exist if you had physical access or RDP access. But,
that
is why there are layers and protocols to limit the use of RDP to help
eliminate the threat.

In the client-server model this is always present. RDP is just an
extension
of the client-server model.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
Ads