• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 262
  • Last Modified:

Remote Desktop Security

I have several servers and want restrict what computers have access to those servers by NOT locking down clients. I run 2000 and 2003 over a cisco backbone. Anything I can do like MAC address filtering over a port for a specific open RD port? Or some sort of MAC access list configured on the server to deny all connections except certain MAC addresses for Remote Desktop only (since we have DHCP and DNS servers).
1 Solution
MAC isnt secure... anybody who's anybody can change their MAC address...

Try implementing some kind of IPSEC authentication
do not filter by mac, filter by ip addresses.
Create inbound access list on your server interface, allow inbound connections to port 3389 (remote desktop) only from allowed clients ips.

something like:

access-list 101 permit tcp  host host 3389
access-list 101 permit tcp host host 3389
access-list 101 deny tcp any any 3389
access-list 101 permit ip any any

Where - server ip, and, - client ips
FubyouAuthor Commented:
IPS are dynamic and in some cases having a static ip is not possible.
Why a IP and not a MAC both can be spoofed.
okay, you can solve this using windows features:

Create domain group and add allowed computer accounts to the group.
Then open 'terminal services configuration' snap-in on the server, go to Propeties of 'RDP-tcp', go to Premissions. Remove Users group and add your new group.
Rich RumbleSecurity SamuraiCommented:
Rdp just got less secure...
Cain & Abel v2.7.3 released
New features:
- RDPv4 session sniffer for APR
Cain can now perform man-in-the-middle attacks against the heavy encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side key strokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (Arp Poison Routing) and other protocol weakness.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now