Name

Distinguished
Jan 12, 2003
160
0
18,680
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

My question is about the security of Remote Desktop. I have heard elswhere
that RDP communication is/maybe encrypted.

Can anybody elaborate on what kind of encryption this is, can it be turned
on/off. What is the default status?

Are there any flaws in this encryption so that we will need another VPN to
pass the RDP connection thru?

Thanks for any help,
Regards
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Read all about it here...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/remote_desktop_protocol.asp

If you need to feel safer run RDP though a VPN or SSH tunnel.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Name" <validemail@com> wrote in message news:OzFk97S3EHA.1152@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> My question is about the security of Remote Desktop. I have heard elswhere that RDP communication
> is/maybe encrypted.
>
> Can anybody elaborate on what kind of encryption this is, can it be turned on/off. What is the
> default status?
>
> Are there any flaws in this encryption so that we will need another VPN to pass the RDP connection
> thru?
>
> Thanks for any help,
> Regards
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I think Al's links are authoritative.

There have been flaws in the RDP encryption system in the past, but they are
long since patched:

http://www.microsoft.com/technet/security/bulletin/MS02-051.mspx

RDP alone as a protocol is vulnerable to a man in the middle attack.

Such an attack is not easy to mount, but note this evidence:

http://bitstop.com.ph/archive/2004/11/16/609.aspx

Here's a description of the issue:

http://www.windowsitpro.com/WindowsSecurity/Articles/ArticleID/38589/pg/2/2.html

RDP hasn't been changed to eliminate this problem. Running RDP within a VPN
tunnel helps.

The other issue with RDP are brute force attacks on the password.

There are automated mechanisms out there and in use performing such attacks,
so use a strong password.

"Name" <validemail@com> wrote in message
news:OzFk97S3EHA.1152@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> My question is about the security of Remote Desktop. I have heard elswhere
> that RDP communication is/maybe encrypted.
>
> Can anybody elaborate on what kind of encryption this is, can it be turned
> on/off. What is the default status?
>
> Are there any flaws in this encryption so that we will need another VPN to
> pass the RDP connection thru?
>
> Thanks for any help,
> Regards
>