So it looks like the <name your assessment here> will be spawning a security assessment as well.
That's never happened before. Ever. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Thursday, August 11, 2016 7:44 AM To: Exchange List <exchange@lists.myitforum.com> Subject: RE: [Exchange] Exchange CAS RDP open They are not, I was shocked that RDP was open without any pre-auth in place I have warned them about drive-by RDP crypto attacks. So it looks like the DR assessment will be spawning a security assessment as well. Jean-Paul Natola ________________________________ From: asbz...@gmail.com<mailto:asbz...@gmail.com> To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: Re: [Exchange] Exchange CAS RDP open Date: Thu, 11 Aug 2016 14:32:59 +0000 It seems like it's not just Exchange CAS that they are allowing external RDP to... Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Expert Technology Consulting Services for the SMB market... GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A [https://track.mixmax.com/api/track/v2/Mhrs9BZWWlpQo18qC/gIt92YuwWah12ZAVmbvpnYzFmI/i02bj5Sb1J3bmRXa51mLzR3cpxGQldmbhh2Y4VmI] On Thu, Aug 11, 2016 9:35 AM, J- P jnat...@hotmail.com<mailto:jnat...@hotmail.com> wrote: literally one number off, they said to RDP in use this IP (On a separate note that was my first clue things were amiss when the new admin said "we don't use names to connect in we use IP's') So let's say the RDP address was 67.250.48.168 , their mail server was one digit off i.e. 67.250.48.167 ________________________________ From: rich...@gmail.com<mailto:rich...@gmail.com> Date: Wed, 10 Aug 2016 21:01:16 -0400 Subject: Re: [Exchange] Exchange CAS RDP open To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> I'm curious how you mistyped the connection info. Can you provide sanitized versions of what you entered into the RDP client? On Wed, Aug 10, 2016 at 8:29 PM, J- P <jnat...@hotmail.com<mailto:jnat...@hotmail.com>> wrote: its wide open via IP/URL , you can literally open rdp , type in the ip and connect ________________________________ From: mich...@smithcons.com<mailto:mich...@smithcons.com> To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Exchange CAS RDP open Date: Thu, 11 Aug 2016 00:13:24 +0000 Those are really 2 very different questions. I would absolutely have RDP open locally (i.e., in the datacenter). How else will you maintain the server in case of problems? Remotely - no. Likely not. Except for administrative access via VPNs that can access the servers in the datacenter. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of J- P Sent: Wednesday, August 10, 2016 7:33 PM To: Exchange List Subject: [Exchange] Exchange CAS RDP open Hi all, Despite having worked with Exchange since 2003 through 2013, I have always worked in single server Exchange deployments,. Recently I was at a site where I was tasked with reviewing the DR strategy. While doing the assessment I inadvertently RDP'd into the CAS server (typo in the ip), the question I have , is there ANY reason whatsoever RDP would be enabled on a CAS server, and even more to the point, any reason it should be open through the firewall??? TIA jp Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender with a copy to complia...@ochin.org, delete this email and destroy all copies.