Our updated list of ciphers from Figure 8 is listed below in Table 1. In the example shown below in Figure 8, these ciphers were all located sequentially, so they were easy to delete from the text. These should be any entries with ECDHE and/or ECDSA in the name. Remove any ciphers that support Elliptic Curve cryptography using Diffie-Hellman Ephemeral (ECDHE) or Digital Signature Algorithm (ECDSA) encryption. Copying the list of ciphers.Ĭopy this list of ciphers into a text editor such as Notepad. Once the list has been selected, copy it as shown below in Figure 7. Next, double-click the list of ciphers and select the entire list as shown below in Figure 6. Under the SSL Cipher Suite Order, click the Enabled option as shown below in Figure 5. Under SSL Configuration Settings, double-click the entry for SSL Cipher Suite Order as shown below in Figure 4. Getting to the SSL Configuration Settings. ![]() Running the Group Policy Editor in Windows 10 Pro as an administrator.įrom the console, use the following menu path:īelow, Figure 3 shows how to find SSL Configuration Settings. Open the Group Policy Management Console gpedit.msc as an administrator as shown below in Figure 2. Microsoft has published details on removing configuration options that support forward secrecy in the articles, “ Manage Transport Layer Security (TLS)” and “ Prioritizing Schannel Cipher Suites.” Below is a step-by-step process that we used. Therefore, we had to remove configuration options that support forward secrecy on the RDP client.įor this tutorial, our RDP client was a host running Windows 10 Pro. With forward secrecy, we cannot decrypt SSL/TLS traffic using a single private encryption key from the RDP server. These types of ciphers create multiple session keys for an SSL/TLS connection. Some encryption ciphers provide forward secrecy, which is also known as perfect forward secrecy. Step 2: Remove Forward Secrecy Ciphers From RDP Client We recorded network traffic from an RDP session between these two hosts from the virtual LAN. One of the hosts acted as an RDP client, and the other acted as an RDP server. Our lab environment contained two Windows 10 hosts. The basic structure of our lab used for this tutorial is shown below in Figure 1. This tutorial does not cover setting up virtual machines (VMs) in a virtual environment. VirtualBox is free, while VMware is a commercial product. ![]() The two most common virtual environments for this type of analysis are VirtualBox or VMware Workstation for Windows and Linux. Step 4: Capture RDP traffic between the RDP server and Windows client. Step 3: Obtain the RDP server's private encryption key. Step 2: Remove forward secrecy ciphers from the RDP client. Step 1: Set up a virtual environment with two hosts, one acting as an RDP client and one acting as an RDP server. The overall process follows seven general steps: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |