Terminal Server: The Day of Reckoning presented at BlackHatWindows 2001

by Erik Pace Birkholz, Clinton Mugge

Summary: Windows administrators have long struggled with the problem of native graphical remote access to their servers. Today, Microsoft's Windows 2000 Server offers a solution that is tightly integrated with the operating system: Terminal Server. Terminal Server provides a valuable and robust tool for Windows 2000. As usual, due diligence must be performed when implementing any new technology. To quote from Microsoft's site, "Windows 2000 Terminal Services is a technology that lets you remotely execute applications on a Windows 2000-based server from a wide range of devices over virtually any type of network connection." Windows 2000 Terminal Server provides a fully interactive, user-friendly, graphical interface to users and administrators alike. This free administration tool may be an affordable means of implementing a distributed application solution - but at what cost?
Demonstrations will highlight the impacts of typical Windows attacks coupled with Terminal Server as well as Terminal Server specific attacks. Solutions will be presented to reduce the impact of these attacks. Countermeasures will include implementing critical security features found native to W2K Terminal Server and available from the W2K Option Pack.
Erik is a Principal Consultant/Trainer for Foundstone. Erik's prime area of concentration is Internet and Intranet technologies and the security of their encompassing protocols, network devices, and operating systems. He specializes in Attack & Penetration testing and security architecture design. Erik also instructs Foundstone's "Ultimate Hacking: Hands On" and "Ultimate NT/2000 Security: Hands On" courses. Prior to joining Foundstone, Inc., he served as an Assessment Lead for Internet Security Systems' (ISS) West Coast Consulting Group. Before ISS, Erik worked for Ernst & Young's eSecurity Solutions group. He was a member of their National Attack and Penetration team, and an instructor for their "Extreme Hacking" course.
Clinton is a Principal Consultant at Foundstone, specializing in Attack & Penetration and E-commerce security architecture reviews. Prior to joining Foundstone, Inc., he was a senior consultant for Ernst & Young's eSecurity Solutions group performing and managing Internet/Intranet security assessments, Cyber Process Certifications and Incident Response programs for new and existing clients. Before E&Y, Clinton served as a Counter-Intelligence (CI) Agent in the Information Warfare Branch of the U.S. Army, during which he assisted in planning and implementing CI Special Operation Concepts. He also served as the lead computer investigator in Top Secret information technology related investigations, and performed vulnerability surveys on Department of Army Units.
Their Presentation! (PowerPoint 2,720k)