re: What are the worst security practices you've ever witnessed? VIEW POST

FULL DISCUSSION
 

I've seen much worse than this before, but I found this really humorous - A client I worked for had a JIT RDP solution implemented - you had to request access through a service desk web portal, and have an agent installed on your workstation, and then you could use the built-in Windows RDP to get into the target machine. If you tried without requesting access or having the agent installed, you couldn't connect. I was one of the guinea pigs for this new solution.

So for whatever reason, my agent was really buggy when they put it on my workstation. I noticed that some web pages broke when I had the agent running, and I could no longer RDP into some machines that weren't even governed by the new solution. I realized that the agent could be affecting DNS somehow, and sure enough - the way the agent was "granting access" to the target machine was by adding a DNS entry for the machine. This means it was totally possible to circumvent the access request and agent by just setting your RDP target to the IP address of the machine, not the hostname.

 
 

The software in question probably can block RDP at a level other than just DNS calls, so it's moreso a vault door that's left open with a sign next to it saying "Please don't".

Lol that sounds like something that belongs in Loony Tunes.

code of conduct - report abuse