Sign in with
Sign up | Sign in
Your question

Remote Desktop Security

Tags:
  • Remote Desktop
  • Encryption
  • Security
  • Windows XP
Last response: in Windows XP
Share
December 8, 2004 7:04:28 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

My question is about the security of Remote Desktop. I have heard elswhere
that RDP communication is/maybe encrypted.

Can anybody elaborate on what kind of encryption this is, can it be turned
on/off. What is the default status?

Are there any flaws in this encryption so that we will need another VPN to
pass the RDP connection thru?

Thanks for any help,
Regards

More about : remote desktop security

Anonymous
a b 8 Security
December 8, 2004 7:04:29 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Read all about it here...

http://msdn.microsoft.com/library/default.asp?url=/libr...

If you need to feel safer run RDP though a VPN or SSH tunnel.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Name" <validemail@com> wrote in message news:o zFk97S3EHA.1152@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> My question is about the security of Remote Desktop. I have heard elswhere that RDP communication
> is/maybe encrypted.
>
> Can anybody elaborate on what kind of encryption this is, can it be turned on/off. What is the
> default status?
>
> Are there any flaws in this encryption so that we will need another VPN to pass the RDP connection
> thru?
>
> Thanks for any help,
> Regards
>
Anonymous
a b 8 Security
December 8, 2004 7:04:29 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I think Al's links are authoritative.

There have been flaws in the RDP encryption system in the past, but they are
long since patched:

http://www.microsoft.com/technet/security/bulletin/MS02...

RDP alone as a protocol is vulnerable to a man in the middle attack.

Such an attack is not easy to mount, but note this evidence:

http://bitstop.com.ph/archive/2004/11/16/609.aspx

Here's a description of the issue:

http://www.windowsitpro.com/WindowsSecurity/Articles/Ar...

RDP hasn't been changed to eliminate this problem. Running RDP within a VPN
tunnel helps.

The other issue with RDP are brute force attacks on the password.

There are automated mechanisms out there and in use performing such attacks,
so use a strong password.

"Name" <validemail@com> wrote in message
news:o zFk97S3EHA.1152@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> My question is about the security of Remote Desktop. I have heard elswhere
> that RDP communication is/maybe encrypted.
>
> Can anybody elaborate on what kind of encryption this is, can it be turned
> on/off. What is the default status?
>
> Are there any flaws in this encryption so that we will need another VPN to
> pass the RDP connection thru?
>
> Thanks for any help,
> Regards
>
!