Welcome to WinForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

RDP security

  
   Windows XP (Home) -> XP Security Admin RSS
Next:  Internet Security  
Author Message
gs

External


Since: Apr 27, 2006
Posts: 83



(Msg. 1) Posted: Sat Dec 08, 2007 10:15 pm
Post subject: RDP security
Archived from groups: microsoft>public>windowsxp>security_admin (more info?)
a consultant told my boss that RDP is not secure and the consultant is
proposing vpn setup. is this true even with all the latest security patch
and the optional allow vista client to log in patch is installed

by default will the rdp client be forced to use 128 bit Kerberos?


I did some Google searching it still leaves me wondering. although the
search result does indicate default secure rdp setup on windows 2003 servers


The way I see using vpn is risky unless the client is manageable and
verified. Ms IT uses radius server, IAS, sql server and a whole bunch of
security infrastructure and framework to achieve security.

in this organization there are only 6 users for remote access and they are
all using XP or vista.

 >> Stay informed about: RDP security 
Back to top
Login to vote
Shenan Stanley

External


Since: Mar 03, 2005
Posts: 2498



(Msg. 2) Posted: Sun Dec 09, 2007 12:02 am
Post subject: Re: RDP security [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
gs wrote:
> a consultant told my boss that RDP is not secure and the
> consultant is proposing vpn setup. is this true even with all the
> latest security patch and the optional allow vista client to log in
> patch is installed
> by default will the rdp client be forced to use 128 bit Kerberos?
>
>
> I did some Google searching it still leaves me wondering. although
> the search result does indicate default secure rdp setup on windows
> 2003 servers
>
> The way I see using vpn is risky unless the client is manageable and
> verified. Ms IT uses radius server, IAS, sql server and a
> whole bunch of security infrastructure and framework to achieve
> security.
> in this organization there are only 6 users for remote access and
> they are all using XP or vista.

RDP is secure. RDP uses RSA Security's RC4 cipher, a stream cipher designed
to efficiently encrypt small amounts of data. RC4 is designed for secure
communications over networks. It encrypts data by using a 128-bit key.

Using VPN on top of it just gives one *more* security.

As both are free (other than any charge to get it setup, albeit pretty
simplistic to do in my opinion) I see no harm in using both. In fact - by
using a VPN tunnel - you eliminate the larger 'security risk' in my opinion
of Remote Desktop - the open port 3389 to the outside world. By only
opening that port to the local network and using a VPN session to become a
part of that local network before using remote desktop, you have made the
footprint of vulnerability smaller.

Make sure you use the 6.0 or later version!

As far as the VPN tunnel being a NECESSITY - not really. I guess it depends
on what you see as a risk and what type of setup you already have (what else
you would get out of such a setup, etc.) How you connect to the internet
even. I mean - you could even have a router with built-in VPN capability
installed so that you VPN into the router and then you can remote desktop to
a computer behind it for the most simplistic overall solution.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

 >> Stay informed about: RDP security 
Back to top
Login to vote
rewired

External


Since: Dec 09, 2007
Posts: 1



(Msg. 3) Posted: Sun Dec 09, 2007 8:44 am
Post subject: Re: RDP security [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> RDP is secure. RDP uses RSA Security's RC4 cipher, a stream cipher designed
> to efficiently encrypt small amounts of data. RC4 is designed for secure
> communications over networks. It encrypts data by using a 128-bit key.
>

According to my experience RDP still is vulnerable to man-in-the-middle
attacks and cant be used securely without an extra layer of protection
between the client and the server. Although the protocol uses RSA
encryption it does in the Windows XP/2000/2003 implementations not warn
the user when the certificate cant be validated so the user cant be sure
if the password is intercepted or not. See this whitepaper for more
information http://www.oxid.it/downloads/rdp-gbu.pdf
Using an SSH/VPN tunnel on top of RDP can add an extra bit of security
to the protocol.
 >> Stay informed about: RDP security 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
lan security - I have 2 computers that connect directly to the internet through the same hub. I tried to set up a link between the computers to share files, etc., and a message came up that people on the internet could gain access to the computer if I did that. Is....

lan security - I have 2 computers that connect directly to the internet through the same hub. I tried to set up a link between the computers to share files, etc., and a message came up that people on the internet could gain access to the computer if I did that. Is....

How to? XP security - Hello sir, Please try to help me sir. I have big problem. On my home computer, I have Win xp sp2 with NTFS file system installed on c drive. I have 2 users on it. Admin and User account. Simple File sharing is disabled on my pc. Now I don't want user....

U3 security - I just bought a new flashdrive which has U3 installed on it. One of its options is to give it a security password. Something tells me this is probably not a very secure password. Is it? If not, how would one better secure a flashdrive from..

U3 security - I just bought a new flashdrive which has U3 installed on it. One of its options is to give it a security password. Something tells me this is probably not a very secure password. Is it? If not, how would one better secure a flashdrive from..
   Windows XP (Home) -> XP Security Admin All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum

Categories:
  Windows XP
 Windows Vista!
 Win 2000/NT/98/ME

[ Contact us | Terms of Service/Privacy Policy ]