Symantec Privileged Access Management

  • 1.  PAM Gateway for RDP (Remote Desktop Protocol) - Version 4.2

    Posted Aug 15, 2024 10:26 AM

    Hi team, I was reading about PAM Gateway for RDP (Remote Desktop Protocol) released in version 4.2 and one thing caught my attention:

    Configure the PAM Gateway for RDP (Remote Desktop Protocol)

    The PAM Gateway for RDP enables users to establish PAM sessions on Windows target devices in a supported Microsoft Remote Desktop client instead of opening RDP access methods in the PAM Client.

    "Insecure Handling of RDP Files Can Lead to Untraceable Imposter Attacks:

    RDP files, which are easily copied and shared, can be used to establish multiple connections from any device. However, all activity is attributed to the user who first requested the connection and downloaded the file.
    An inadvertently shared or stolen RDP file can therefore be used by an imposter to access the Windows target device and anonymously impersonate the original user."
    Does it mean that if, for any reason, the RDP file is shared with someone, it will allow RDP to the target server? Don't we have any kind of token validation to allow/disallow the RDP connection?
    Higor


  • 2.  RE: PAM Gateway for RDP (Remote Desktop Protocol) - Version 4.2

    Broadcom Employee
    Posted Aug 15, 2024 01:06 PM

    Hello Higor, The whole point of this new way of RDP access is to do it w/o PAM code on the client side. Therefore the RDP file has to include the token that the PAM server uses to validate the connection. The token is valid for 5 minutes by default. A PAM administrator can adjust this value, with a minimum of one minute. Once the token expires the file cannot be used anymore.
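
An added example, not part of the original posts and not Broadcom code: a detection sketch for the shared-file risk discussed in this thread. It flags connection attempts that reuse an issued RDP file from a different source address or after the token lifetime. The record layout, event names and file identifiers are hypothetical and do not reflect PAM's actual log format; only the 5-minute default comes from the reply above.

```python
from datetime import datetime, timedelta

# Constructed sample records (hypothetical layout, not PAM's log format):
# timestamp, event, user, file_id, source_ip
SAMPLE_EVENTS = """\
2024-08-15T10:00:00 ISSUE alice rdp-001 10.0.0.5
2024-08-15T10:00:40 CONNECT alice rdp-001 10.0.0.5
2024-08-15T10:03:10 CONNECT alice rdp-001 10.0.9.77
2024-08-15T10:07:30 CONNECT alice rdp-001 10.0.9.77
2024-08-15T11:00:00 ISSUE bob rdp-002 10.0.0.8
2024-08-15T11:01:00 CONNECT bob rdp-002 10.0.0.8
"""

TOKEN_LIFETIME = timedelta(minutes=5)  # default lifetime stated in the reply


def find_suspicious_connections(log_text, lifetime=TOKEN_LIFETIME):
    """Return (file_id, user, source_ip, reason) for each suspect attempt."""
    issued = {}    # file_id -> (time the file was issued, requesting address)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, file_id, ip = line.split()
        when = datetime.fromisoformat(ts)
        if event == "ISSUE":
            issued[file_id] = (when, ip)
        elif event == "CONNECT":
            if file_id not in issued:
                findings.append((file_id, user, ip, "unknown-file"))
                continue
            issued_at, issued_ip = issued[file_id]
            if when - issued_at > lifetime:
                # An expired token should be rejected; an attempt still
                # indicates an old file being replayed.
                findings.append((file_id, user, ip, "after-expiry"))
            elif ip != issued_ip:
                # Inside the validity window but from another device: the
                # session would still be attributed to the original user.
                findings.append((file_id, user, ip, "different-source"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_connections(SAMPLE_EVENTS):
        print(finding)
```

A differing source address is a signal to review rather than proof of misuse, since VPN or NAT changes can produce it for the legitimate user.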