I quickly discovered that a GPO had recently been implemented that enforced NLA for RDS and also assigned a certificate template to use for Remote Desktop instead of the default self-signed version. I hopped onto the certificate authority to check out the certificate template that had been configured and compared it to the recommendations of the Microsoft article for assigning certificates to RDS sessions at https://blogs.technet.microsoft.com/enterprisemobility/2010/04/09/configuring-remote-desktop-certificates/ as this is an article I have referred to before and know it works.
As anyone who visits my site on a regular basis may have noticed, I’ve been working hard on securing up this blog to make it follow more best practices and more in keeping with modern web security given it’s been quite a while since I’ve touched that side of the site, and there have been numerous things that I have implemented and I thought I would give a little run down of them.
Read on after the fold for the low down on each of the features and how it works.
Our MD at Fordway authored an article on freshbusinessthinking.com back in November 2014 which I was drawn to today which for me really hits the nail on the head about security and how public cloud addresses it and the simple fact is, is your organisation fully PCI DSS compliant or do you hold an ISO 27001 certification? How about the myriad of other industry security certifications such as SOC, FIPS 140-2, HIPAA or EAL?
Well public cloud providers often are accredited with a number of these certifications which makes their environments actually more secure than the majority of environments run by in-house IT.
This script kiddie (if we can call him that) is so Ã¢â‚¬Ëœleet that he’s managed to discover a way to monitor who is viewing Google or any other website at a given moment in time: Unless that is, you have an internet connection faster than him else all he see’s is * and Request Timed Out.
Recently a DNS exploit was discovered by Dan Kaminsky. This exploit was reportedly so big that he decided to keep the details close to hand until everyone had a chance to plug their DNS servers, however this plan failed somewhat and details of it got online.
Whilst most people fixed their DNS some major players like AT&T and Apple are still yet to fix the issue, and the first released reports of the exploit being performed came to light today.