Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

RDC password transmit security

Posted on 2004-03-31
2
684 Views
Last Modified: 2013-12-04
Hi,
I want to setup a Remote Desktop Connection from my XP laptop over the internet to a Windows 2000 Server running Terminal Services. There is a concern that when connecting using RDC the password is sent in plain text. Can someone confirm this for me, or point me to where I can find out for sure.
If this is the case, what can be done to increase the security of the password info being sent.
Thanks,
Bill
0
Comment
Question by:westone
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 10728890
TS (aka remotedesktop) uses RDP, all information is encoded/encrypted. No password is sent in plain text. I've looked into this many times, you can use a program like ethereal to see, the username however is PT!! At least from my experiments it is.
http://www.windowsecurity.com/articles/Windows_Terminal_Services.html Remember the encryption level is set on the server, not the client connecting to the server. (low encryption is the defualt)

As far as I can tell, there are no real RDP type "crackers"- something that can decrypt what is being sent between host's, without knowledge of the cookie/token exchanged between to two. There are BruteForcers for the password's and usernames. These BF programs will try a username, then start sending passwords, from a dictionary, or generated to try to guess their way into a server. I recommend to my clients to change the port that your TS listen's on, and if using XP to connect to a TS, you can specify this port in the "connect to" field. Connect to: 10.10.10.10:9742  The colon then the port number. If using win2k or lesser to connect to a TS with a port other than 3389, you need to create a CNS file... see the article below.

TS is just like being at the console of a PC or server, even if it's in a domain or AD- with TS YOU CANNOT BE LOCKED OUT BY GUESSING PASSWORDS. You can be disconnected after a few attempts... however you can reconnect as you wish and resume. This is by no means quick, but if someone want's in, they'll keep at it. Change the default port if possible.

Also, you can use a VPN to connect to a server with an encrypted tunnel, then use TS, this will easily increase the security of your transmissions.
http://support.microsoft.com/default.aspx?scid=187623 (change the ts ports)
http://support.microsoft.com/default.aspx?scid=kb;en-us;326945
http://support.microsoft.com/default.aspx?scid=kb;en-us;306759 (xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;304304 (xp)
GL!
-rich
0
 

Author Comment

by:westone
ID: 10731474
Just what I needed to know, Thanks!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question