Remote Desktop Security

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

My question is about the security of Remote Desktop. I have heard elswhere
that RDP communication is/maybe encrypted.

Can anybody elaborate on what kind of encryption this is, can it be turned
on/off. What is the default status?

Are there any flaws in this encryption so that we will need another VPN to
pass the RDP connection thru?

Thanks for any help,
Regards
2 answers Last reply
More about remote desktop security
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Read all about it here...

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/remote_desktop_protocol.asp

    If you need to feel safer run RDP though a VPN or SSH tunnel.

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Name" <validemail@com> wrote in message news:OzFk97S3EHA.1152@TK2MSFTNGP14.phx.gbl...
    > Hi,
    >
    > My question is about the security of Remote Desktop. I have heard elswhere that RDP communication
    > is/maybe encrypted.
    >
    > Can anybody elaborate on what kind of encryption this is, can it be turned on/off. What is the
    > default status?
    >
    > Are there any flaws in this encryption so that we will need another VPN to pass the RDP connection
    > thru?
    >
    > Thanks for any help,
    > Regards
    >
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I think Al's links are authoritative.

    There have been flaws in the RDP encryption system in the past, but they are
    long since patched:

    http://www.microsoft.com/technet/security/bulletin/MS02-051.mspx

    RDP alone as a protocol is vulnerable to a man in the middle attack.

    Such an attack is not easy to mount, but note this evidence:

    http://bitstop.com.ph/archive/2004/11/16/609.aspx

    Here's a description of the issue:

    http://www.windowsitpro.com/WindowsSecurity/Articles/ArticleID/38589/pg/2/2.html

    RDP hasn't been changed to eliminate this problem. Running RDP within a VPN
    tunnel helps.

    The other issue with RDP are brute force attacks on the password.

    There are automated mechanisms out there and in use performing such attacks,
    so use a strong password.

    "Name" <validemail@com> wrote in message
    news:OzFk97S3EHA.1152@TK2MSFTNGP14.phx.gbl...
    > Hi,
    >
    > My question is about the security of Remote Desktop. I have heard elswhere
    > that RDP communication is/maybe encrypted.
    >
    > Can anybody elaborate on what kind of encryption this is, can it be turned
    > on/off. What is the default status?
    >
    > Are there any flaws in this encryption so that we will need another VPN to
    > pass the RDP connection thru?
    >
    > Thanks for any help,
    > Regards
    >
Ask a new question

Read More

Remote Desktop Encryption Security Windows XP