They are not. I was shocked that RDP was open without any pre-auth in place; I have warned them about drive-by RDP crypto attacks. So it looks like the DR assessment will be spawning a security assessment as well.
Jean-Paul Natola

From: asbz...@gmail.com
To: exchange@lists.myitforum.com
Subject: Re: [Exchange] Exchange CAS RDP open
Date: Thu, 11 Aug 2016 14:32:59 +0000

It seems like it's not just Exchange CAS that they are allowing external RDP to…

Regards,
ASB
http://XeeMe.com/AndrewBaker
Providing Expert Technology Consulting Services for the SMB market…
GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A

On Thu, Aug 11, 2016 9:35 AM, J- P jnat...@hotmail.com wrote:

Literally one number off; they said to RDP in, use this IP. (On a separate note, that was my first clue things were amiss, when the new admin said "we don't use names to connect in, we use IPs".) So let's say the RDP address was 67.250.48.168; their mail server was one digit off, i.e. 67.250.48.167.

From: rich...@gmail.com
Date: Wed, 10 Aug 2016 21:01:16 -0400
Subject: Re: [Exchange] Exchange CAS RDP open
To: exchange@lists.myitforum.com

I'm curious how you mistyped the connection info. Can you provide sanitized versions of what you entered into the RDP client?

On Wed, Aug 10, 2016 at 8:29 PM, J- P <jnat...@hotmail.com> wrote:

It's wide open via IP/URL; you can literally open RDP, type in the IP and connect.

From: mich...@smithcons.com
To: exchange@lists.myitforum.com
Subject: RE: [Exchange] Exchange CAS RDP open
Date: Thu, 11 Aug 2016 00:13:24 +0000

Those are really 2 very different questions. I would absolutely have RDP open locally (i.e., in the datacenter). How else will you maintain the server in case of problems? Remotely – no. Likely not. Except for administrative access via VPNs that can access the servers in the datacenter.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: Wednesday, August 10, 2016 7:33 PM
To: Exchange List
Subject: [Exchange] Exchange CAS RDP open

Hi all,

Despite having worked with Exchange since 2003 through 2013, I have always worked in single server Exchange deployments.

Recently I was at a site where I was tasked with reviewing the DR strategy. While doing the assessment I inadvertently RDP'd into the CAS server (typo in the IP). The question I have: is there ANY reason whatsoever RDP would be enabled on a CAS server, and even more to the point, any reason it should be open through the firewall???

TIA
jp