Remote desktop connection!!

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Is remote desktop connection secure? I have a firewall router at home and
at the office.

Thank you for your help in advance!

Candace Sparks
8 answers Last reply
More about remote desktop connection
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    There is the Windows-XP firewall at either end. The thing I'm not sure about
    is how to connect to the computer given that it is not in my local network
    and not part of another network having any static IP addresses. Thanks a lot
    for the help.

    "Candace Sparks" wrote:

    > Is remote desktop connection secure? I have a firewall router at home and
    > at the office.
    >
    > Thank you for your help in advance!
    >
    > Candace Sparks
    >
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I have a static private IP address on my computer at the office, I port
    forwarded 3389 to that IP address. At home, I have a static private IP
    address and I also forwarded port 3389 to that IP address. I do not think I
    had to do that at home. I just type in the address of the computer at work,
    and I can connect.

    Candace Sparks

    "JTP" <JTP@discussions.microsoft.com> wrote in message
    news:1B77AC45-2B66-44AB-8F9E-E58349CA697F@microsoft.com...
    > There is the Windows-XP firewall at either end. The thing I'm not sure
    > about
    > is how to connect to the computer given that it is not in my local network
    > and not part of another network having any static IP addresses. Thanks a
    > lot
    > for the help.
    >
    > "Candace Sparks" wrote:
    >
    >> Is remote desktop connection secure? I have a firewall router at home
    >> and
    >> at the office.
    >>
    >> Thank you for your help in advance!
    >>
    >> Candace Sparks
    >>
    >>
    >>
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    This article explains RDP encryption a bit..

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/remote_desktop_protocol.asp

    Use a *STRONG* password and limit access to your account only...

    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/pree_rem_hzcq.asp

    If you want additional security run Remote Desktop through a VPN or SSH tunnel.

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Candace Sparks" <rsparks24@comcast.net> wrote in message news:C4Cdnek2o89jg3_cRVn-pA@comcast.com...
    > Is remote desktop connection secure? I have a firewall router at home and at the office.
    >
    > Thank you for your help in advance!
    >
    > Candace Sparks
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Look at this page for help...

    http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "JTP" <JTP@discussions.microsoft.com> wrote in message
    news:1B77AC45-2B66-44AB-8F9E-E58349CA697F@microsoft.com...
    > There is the Windows-XP firewall at either end. The thing I'm not sure about
    > is how to connect to the computer given that it is not in my local network
    > and not part of another network having any static IP addresses. Thanks a lot
    > for the help.
    >
  5. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    sorry Candace.
    when i first recommended you try this group, i really thought you would
    get some intelligent answers, not guesses and links to useless web pages
    that describe how to install and use it (which was not your question to
    begin with).

    hoping to answer your original question (how secure is it ?), here is my
    best understanding of what little info i have gathered. in cases where
    all inbound traffic for port #### is forwarded straight into the PC, the
    hardware firewall/router adds no protection whatsoever from attacks
    directed to port ####. but users with dynamic IP addresses have no
    alternative, when using Remote Desktop Connection. However, since you
    have static IPs at both ends, the solution to this problem is as easy as
    setting up your firewall to respond to Nobody on port 3389, except the
    static IP address of the remote PC.

    since every hacker knows Remote Desktop Connection listens to port 3389,
    another step you could take to increase your security would be to change
    the port RDC listens to, according to instructions in MS Knowledge Base
    article Q187623. this only addresses security of inbound communication.

    Secunia.com indicates the encryption used by Remote Desktop Connection
    is vulnerable, because the encrypted representation of the character is
    the same every time you type it. See
    http://secunia.com/advisories/7118/ Therefore, you do not want to use
    RDC to transfer info about proprietary company data or your personal
    identity. Secunia.com also indicates a vulnerability that could crash
    the Remote Desktop service on XP Pro, if a maliciously crafted packet is
    injected when the login screen is drawn during negotiation. See
    http://secunia.com/advisories/7121/

    if any communication between PCs involves transmittal of proprietary
    company data or personal identity, then you would be safer using a
    Virtual Private Network connection on both PCs, because the encryption
    is much better. Nothing i could see in Secunia.com indicates a
    vulnerability in Remote Desktop Connection that would put your PC files
    at risk, or allow an attacker to take control of your PC.

    once a client logs into the remote PC (your office or home PC), then
    security is only as good as the permissions and rights of the account
    used to log in with. therefore, you want to limit the permissions and
    rights of the account used to log in with. for example, you might want
    to only allow log in with a Limited Account, that prevents changes to
    file/folder ownership, prevents installation of programs, prevents
    changes to your Windows system folder, etc., only allowing execution of
    programs and modification of files within the account's personal profile.


    Candace Sparks wrote:
    > Is remote desktop connection secure? I have a firewall router at home and
    > at the office.
    >
    > Thank you for your help in advance!
    >
    > Candace Sparks
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    JW <JustPostYourReply@ToThisNewsGroup.pls> wrote:

    > Secunia.com indicates the encryption used by Remote Desktop Connection
    > is vulnerable, because the encrypted representation of the character
    > is the same every time you type it. See
    > http://secunia.com/advisories/7118/

    That site also says that weakness was fixed by updates in September 2002.
    Not a current problem.

    --
    Robin Walker [MVP Networking]
    rdhw@cam.ac.uk
  7. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    you used the word "fixed", but a simple search on the web page reveals
    the word "fixed" only occurs in One place --- in the following text :


    "If Windows XP Professional Service Pack 1 has been installed, the
    issues are less critical, Remote Desktop no longer crashes, and the
    keystroke vulnerability is more difficult to abuse, but it is not fixed
    as it is a basic design flaw."


    Note that the Text in the web page you refer is clearly "not fixed"

    Therefore you are wrong about the web page. According to Secunia, the
    problem is "not fixed". Maybe what you meant to say is the term Secunia
    used in their text --- "less critical" or "more difficult to abuse".


    Robin Walker [MVP] wrote:
    > JW <JustPostYourReply@ToThisNewsGroup.pls> wrote:
    >
    >
    >>Secunia.com indicates the encryption used by Remote Desktop Connection
    >>is vulnerable, because the encrypted representation of the character
    >>is the same every time you type it. See
    >>http://secunia.com/advisories/7118/
    >
    >
    > That site also says that weakness was fixed by updates in September 2002.
    > Not a current problem.
    >
  8. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I would like to know that the solution I use for connecting to the home
    computer is secure. I do not know how to set up a VPN. I have a VPN router
    on the home network' running Windows 2000 server on the office end. What we
    are trying to do is backup several data folders to the home computer.

    Thanks your your help in advance!

    Candace Sparks
    "JW" <JustPostYourReply@ToThisNewsGroup.pls> wrote in message
    news:jLEEd.98137$uM5.93279@bgtnsc05-news.ops.worldnet.att.net...
    > you used the word "fixed", but a simple search on the web page reveals
    > the word "fixed" only occurs in One place --- in the following text :
    >
    >
    > "If Windows XP Professional Service Pack 1 has been installed, the issues
    > are less critical, Remote Desktop no longer crashes, and the keystroke
    > vulnerability is more difficult to abuse, but it is not fixed as it is a
    > basic design flaw."
    >
    >
    > Note that the Text in the web page you refer is clearly "not fixed"
    >
    > Therefore you are wrong about the web page. According to Secunia, the
    > problem is "not fixed". Maybe what you meant to say is the term Secunia
    > used in their text --- "less critical" or "more difficult to abuse".
    >
    >
    > Robin Walker [MVP] wrote:
    >> JW <JustPostYourReply@ToThisNewsGroup.pls> wrote:
    >>
    >>
    >>>Secunia.com indicates the encryption used by Remote Desktop Connection
    >>>is vulnerable, because the encrypted representation of the character
    >>>is the same every time you type it. See
    >>>http://secunia.com/advisories/7118/
    >>
    >>
    >> That site also says that weakness was fixed by updates in September 2002.
    >> Not a current problem.
    >>
Ask a new question

Read More

Remote Desktop Connection Microsoft Windows XP