$64,000 Question -- How secure is Remote Desktop?

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

Ok, here's the $64,000 Question -- How secure is Remote Desktop? I have
opened a "hole" in my SOHO firewall and forwarded port 3389 to my WinXP Pro
machine. I'm surprised by how well it works. However, I'm a little worried
that I've just opened myself up to all manner of nefarious attacks. Are
there any other security precautions I should take, or will Remote Desktop
be secure enough all by itself? What are the rest of you doing?

Larry
 
Guest

From a recent NG post by Patrick Rouse:

----
Opening port 3389 is as secure as (if not more than) HTTPS or
non-certificate based VPN, as all traffic is encrypted within the RDP
Packets. If you require a higher level of security, i.e. to limit which
computer can connect to your terminal servers, you can look into IPSec/L2TP
VPN or simpler (to implement) 3rd party solutions like his SecureRDP or one
called WiSSH.

http://www.workthin.com/tsao.htm

Larry Schwartz wrote:
> Ok, here's the $64,000 Question -- How secure is Remote Desktop? I
> have opened a "hole" in my SOHO firewall and forwarded port 3389 to
> my WinXP Pro machine. I'm surprised by how well it works. However,
> I'm a little worried that I've just opened myself up to all manner
> of nefarious attacks. Are there any other security precautions I
> should take, or will Remote Desktop be secure enough all by itself?
> What are the rest of you doing?
>
> Larry
 
Guest

I have heard that it is better if you change the listening port to some
unknown number then access via IPAddress:NewPortnumber. This requires a
registry hack -
http://support.microsoft.com/default.aspx?scid=kb;en-us;187623



"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:eHnnD0nQEHA.1348@TK2MSFTNGP12.phx.gbl...
> From a recent NG post by Patrick Rouse:
>
> ----
> Opening port 3389 is as secure as (if not more than) HTTPS or
> non-certificate based VPN, as all traffic is encrypted within the RDP
> Packets. If you require a higher level of security, i.e. to limit which
> computer can connect to your terminal servers, you can look into IPSec/L2TP
> VPN or simpler (to implement) 3rd party solutions like his SecureRDP or one
> called WiSSH.
>
> http://www.workthin.com/tsao.htm
>
> Larry Schwartz wrote:
> > Ok, here's the $64,000 Question -- How secure is Remote Desktop? I
> > have opened a "hole" in my SOHO firewall and forwarded port 3389 to
> > my WinXP Pro machine. I'm surprised by how well it works. However,
> > I'm a little worried that I've just opened myself up to all manner
> > of nefarious attacks. Are there any other security precautions I
> > should take, or will Remote Desktop be secure enough all by itself?
> > What are the rest of you doing?
> >
> > Larry
>
>
 
Guest

Thanks for the info, but my biggest worry is that the open port could be
used as a vehicle for attacks on my machine . . . I'm just trying to figure
out if there's something I should be doing about it.

Larry


> From a recent NG post by Patrick Rouse:
>
> ----
> Opening port 3389 is as secure as (if not more than) HTTPS or
> non-certificate based VPN, as all traffic is encrypted within the RDP
> Packets. If you require a higher level of security, i.e. to limit which
> computer can connect to your terminal servers, you can look into IPSec/L2TP
> VPN or simpler (to implement) 3rd party solutions like his SecureRDP or one
> called WiSSH.
>
> http://www.workthin.com/tsao.htm
>
> Larry Schwartz wrote:
> > Ok, here's the $64,000 Question -- How secure is Remote Desktop? I
> > have opened a "hole" in my SOHO firewall and forwarded port 3389 to
> > my WinXP Pro machine. I'm surprised by how well it works. However,
> > I'm a little worried that I've just opened myself up to all manner
> > of nefarious attacks. Are there any other security precautions I
> > should take, or will Remote Desktop be secure enough all by itself?
> > What are the rest of you doing?
> >
> > Larry
>
>
 
Guest

RDP is inherently secure, as the info being transmitted is encrypted and mostly bits of images. The only info being transmitted are the changes of the screen, print jobs & file copy. All of these happen over port 3389 for RDP, regardless of the info being sent. If you do expose your machine to the Internet via Port 3389, or any other port for Remote Desktop, make sure you use a complex password, i.e. 8-15 characters, upper & lower case, numbers, special characters and hidden characters if you're really paranoid. Also good to not allow the administrator account to logon via Remote Desktop.

1. I have never heard of a packet sniffer that can reassemble RDP packets into meaningful data.
2. Changing the default port from 3389 to something else would only be obscuring the target enough to stop the most unskilled hacker, who wouldn't have the know-how to break into your system without an automated tool (i.e. script-kiddie tools). Anyone smart enough to break-in is more than capable of finding your port, so changing ports in my opinion is equivalent to closing a door, as opposed to leaving it open. Neither is secure, but one sticks out.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com

----- Larry Schwartz wrote: -----

Thanks for the info, but my biggest worry is that the open port could be
used as a vehicle for attacks on my machine . . . I'm just trying to figure
out if there's something I should be doing about it.

Larry


> From a recent NG post by Patrick Rouse:
>
> ----
> Opening port 3389 is as secure as (if not more than) HTTPS or
> non-certificate based VPN, as all traffic is encrypted within the RDP
> Packets. If you require a higher level of security, i.e. to limit which
> computer can connect to your terminal servers, you can look into IPSec/L2TP
> VPN or simpler (to implement) 3rd party solutions like his SecureRDP or one
> called WiSSH.
>
> http://www.workthin.com/tsao.htm
>
> Larry Schwartz wrote:
> > Ok, here's the $64,000 Question -- How secure is Remote Desktop? I
> > have opened a "hole" in my SOHO firewall and forwarded port 3389 to
> > my WinXP Pro machine. I'm surprised by how well it works. However,
> > I'm a little worried that I've just opened myself up to all manner
> > of nefarious attacks. Are there any other security precautions I
> > should take, or will Remote Desktop be secure enough all by itself?
> > What are the rest of you doing?
> >
> > Larry
>
 
Guest

That just makes it a bit more difficult for port scanners, though...

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Tue, 25 May 2004 16:13:12 -0500, "Niel Bullock"
<niel_bullock@hotmail.com> wrote:

>I have heard that it is better if you change the listening port to some
>unknown number then access via IPAddress:NewPortnumber. This requires a
>registry hack -
>http://support.microsoft.com/default.aspx?scid=kb;en-us;187623
>
>
>
>"Lanwench [MVP - Exchange]"
><lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
>news:eHnnD0nQEHA.1348@TK2MSFTNGP12.phx.gbl...
>> From a recent NG post by Patrick Rouse:
>>
>> ----
>> Opening port 3389 is as secure as (if not more than) HTTPS or
>> non-certificate based VPN, as all traffic is encrypted within the RDP
>> Packets. If you require a higher level of security, i.e. to limit which
>> computer can connect to your terminal servers, you can look into IPSec/L2TP
>> VPN or simpler (to implement) 3rd party solutions like his SecureRDP or one
>> called WiSSH.
>>
>> http://www.workthin.com/tsao.htm
>>
>> Larry Schwartz wrote:
>> > Ok, here's the $64,000 Question -- How secure is Remote Desktop? I
>> > have opened a "hole" in my SOHO firewall and forwarded port 3389 to
>> > my WinXP Pro machine. I'm surprised by how well it works. However,
>> > I'm a little worried that I've just opened myself up to all manner
>> > of nefarious attacks. Are there any other security precautions I
>> > should take, or will Remote Desktop be secure enough all by itself?
>> > What are the rest of you doing?
>> >
>> > Larry
>>
>>
>
 
Guest

Like Patrick said - PASSWORD SECURITY.. You could protect the service
all you want but if you use a weak password, all of that work would be
for naught...

Other options are VPNs - it would provide an additional layer of
complexity to hack through - although that layer of complexity makes
setup a bit more difficult.

Enable system hardening via Group Policy. Set the lockout parameters
(but remember to set the reset time for this)...

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Tue, 25 May 2004 11:50:34 -0500, "Larry Schwartz"
<LESchwartz-NoSpam@VictorInc.com> wrote:

>Ok, here's the $64,000 Question -- How secure is Remote Desktop? I have
>opened a "hole" in my SOHO firewall and forwarded port 3389 to my WinXP Pro
>machine. I'm surprised by how well it works. However, I'm a little worried
>that I've just opened myself up to all manner of nefarious attacks. Are
>there any other security precautions I should take, or will Remote Desktop
>be secure enough all by itself? What are the rest of you doing?
>
>Larry
>
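
The lockout parameters mentioned in the post above (threshold, counter reset time, lockout duration) can be modelled to see how they bound password guessing against an exposed port 3389. This is an added example, not part of the original thread; the policy values, the account name and the failed-logon timelines are constructed assumptions, and the model is a simplification of Windows account lockout.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    threshold: int           # failed logons before lockout (0 = never lock)
    reset_after: timedelta   # quiet time after which the failure counter resets
    duration: timedelta      # how long a locked account stays locked

def simulate(failures, policy):
    """failures: time-ordered (timestamp, account) failed logons.
    Returns {account: {"evaluated", "blocked", "lockouts"}}, where
    'evaluated' counts guesses the server actually checked."""
    state, report = {}, {}
    for ts, account in failures:
        s = state.setdefault(account, {"count": 0, "last": None, "until": None})
        r = report.setdefault(account, {"evaluated": 0, "blocked": 0, "lockouts": 0})
        if s["until"] is not None:
            if ts < s["until"]:
                r["blocked"] += 1                  # locked: rejected without a check
                continue
            s["until"], s["count"] = None, 0       # lockout has expired
        if s["last"] is not None and ts - s["last"] > policy.reset_after:
            s["count"] = 0                         # counter reset after a quiet period
        r["evaluated"] += 1
        s["count"] += 1
        s["last"] = ts
        if policy.threshold and s["count"] >= policy.threshold:
            s["until"] = ts + policy.duration
            r["lockouts"] += 1
    return report

def constructed_failures(account, count, spacing):
    """Constructed sample data: `count` failed logons, `spacing` apart."""
    start = datetime(2004, 5, 25, 12, 0, 0)
    return [(start + i * spacing, account) for i in range(count)]

# Assumed policy values for illustration only.
POLICY = LockoutPolicy(5, timedelta(minutes=30), timedelta(minutes=30))
NO_LOCKOUT = LockoutPolicy(0, timedelta(minutes=30), timedelta(minutes=30))
FAST = constructed_failures("larry", 360, timedelta(seconds=10))  # one hour of failures
SLOW = constructed_failures("larry", 10, timedelta(minutes=31))   # failures below the counter's rate

if __name__ == "__main__":
    for name, policy, data in [("fast, no lockout", NO_LOCKOUT, FAST),
                               ("fast, lockout", POLICY, FAST),
                               ("slow, lockout", POLICY, SLOW)]:
        print(name, simulate(data, policy)["larry"])
```

With lockout enabled, only 10 of the 360 rapid failures are ever checked against the password; the slow timeline never trips the counter, which is why the password advice in the thread still applies alongside lockout.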