RDC password transmit security

Hi,
I want to setup a Remote Desktop Connection from my XP laptop over the internet to a Windows 2000 Server running Terminal Services. There is a concern that when connecting using RDC the password is sent in plain text. Can someone confirm this for me, or point me to where I can find out for sure.
If this is the case, what can be done to increase the security of the password info being sent.
Thanks,
Bill
westoneAsked:
Who is Participating?
 
Rich RumbleConnect With a Mentor Security SamuraiCommented:
TS (aka remotedesktop) uses RDP, all information is encoded/encrypted. No password is sent in plain text. I've looked into this many times, you can use a program like ethereal to see, the username however is PT!! At least from my experiments it is.
http://www.windowsecurity.com/articles/Windows_Terminal_Services.html Remember the encryption level is set on the server, not the client connecting to the server. (low encryption is the defualt)

As far as I can tell, there are no real RDP type "crackers"- something that can decrypt what is being sent between host's, without knowledge of the cookie/token exchanged between to two. There are BruteForcers for the password's and usernames. These BF programs will try a username, then start sending passwords, from a dictionary, or generated to try to guess their way into a server. I recommend to my clients to change the port that your TS listen's on, and if using XP to connect to a TS, you can specify this port in the "connect to" field. Connect to: 10.10.10.10:9742  The colon then the port number. If using win2k or lesser to connect to a TS with a port other than 3389, you need to create a CNS file... see the article below.

TS is just like being at the console of a PC or server, even if it's in a domain or AD- with TS YOU CANNOT BE LOCKED OUT BY GUESSING PASSWORDS. You can be disconnected after a few attempts... however you can reconnect as you wish and resume. This is by no means quick, but if someone want's in, they'll keep at it. Change the default port if possible.

Also, you can use a VPN to connect to a server with an encrypted tunnel, then use TS, this will easily increase the security of your transmissions.
http://support.microsoft.com/default.aspx?scid=187623 (change the ts ports)
http://support.microsoft.com/default.aspx?scid=kb;en-us;326945
http://support.microsoft.com/default.aspx?scid=kb;en-us;306759 (xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;304304 (xp)
GL!
-rich
0
 
westoneAuthor Commented:
Just what I needed to know, Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.