How secured is Remote Desktop?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How secured is Remote Desktop in its default settings when both machines are
XP Pro with the latest patches? Obviously the initial handshaking when
username and password are sent is encrypted, but is subsequent data tranfer
also encrypted as well? If so how strong is the encryption?
 
See this page for information concerning RDP encryption...

http://msdn.microsoft.com/library/d...termserv/termserv/remote_desktop_protocol.asp

Personally I run RDP through a Secure Shell (SSH) tunnel both for added
security and for easy access to multiple PCs on my home LAN. In my case I
use a 2048-bit RSA private/public key pair (encrypted with a strong pass
phrase) versus a password (strong or otherwise) for authentication.

http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

You could do the same thing, ie. tunnel RDP, through a IPSec/L2TP or SSL VPN
if you wished.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Hi,
How secured is Remote Desktop in its default settings when both
machines are XP Pro with the latest patches? Obviously the initial
handshaking when username and password are sent is encrypted, but is
subsequent data tranfer also encrypted as well?
Yes.

If so how strong is the encryption?
Click to expand...

The highest available encryption level is used by default, which amounts to
128-bit RC4. There are some flaws with it -- plaintext checksums make a
cryptoanalysis attack potentially easier than it should be -- however, it's
still quite well encrypted and the keys are unique to each session.

The single layer of authentication (username and password only) is usually a
more serious problem. For high security requirements, consider wraping RDP
access with a VPN and smart card or certificate authentication.

For personal use, make sure your Windows user accounts have decent
passwords. If you only connect from certain locations (e.g. from the office
to your home computer) you can configure your firewall (or router, if there
is one) to only allow RDP connections from certain IP addresses or address
blocks.

--
Chris Priede




I
 
Back
Top