Best Practices for securing RDC???

[Gary Smith]

Good Afternoon All,

I haven't been able to find Microsoft Perscriptive
Guidance for securing Windows XP RDC connections. Any
advice?

Thanks,

-Gary

 

[Miha Pihler]

What would you like to secure? RDP is encrypted with 128 bit by default (you
can set it higher or lover).

Personally if I use RDP to access remote server over internet I use regular
password. Once I am on server I use RDP to connect to internal servers using
e.g. administrator password...

Once user is on server it is as if he would be on server itself so it is up
to administrator to remove any access tools using group or local policy...

I hope this helps you out,

Mike

 

[Gary Smith]

Thanks Mike.

Initial thoughts for securing the connection include ...
- removing 'administrators' group from being eligible for RDC connection -
allow only the user who normally uses the computer to be able to connect
- only allowing remote connections if the terminal is currently logged in,
and then only allow the currently logged in user to connect
- If you 'save password' in a RDC file, how secure is it? Are there any
known vulnerabilities?
- Are there any local security policy settings that can be tweaked like "if
XX failed connection attempts disable the service and make a note in the
event log"

I was hoping either someone could point me towards Microsoft's, or there was
a commonly implemented checklist of things to do...

-Gary

 

[Miha Pihler]

I think it is possible to achieve what you want with Remote Assistance.

* users would actually have to invite someone over to help them (they can
invite them using IM, e-mail or password file)
* even if user is invited the user behind PC has to approve the connection
* I never tried how hard it is to crack Remote Assistance password . Well
I think it's pretty secure specially since you can set up that it expires
after e.g. 1 hour (but you shouldn't leave it blank). Instruct users to use
strong and hard to guess password...

Mike