Windows Server 2003 Remote Desktop Security

Posted on 2004-10-22
Last Modified: 2010-04-11
We currently are using a lot of HP IP KVM Console switches to provide remote access to all of servers (NT4, 2000, 2003).  However, we find that these are very difficult to use, except for emergencies, and would like to implement Remote Desktop when the servers are upgraded.

Before doing this we would like to fully understand the security implications of doing this.  I am therefore looking for some documentation that details the security differences between enabling remote desktop and using the IP KVM.
Question by:jzh0g0
    LVL 14

    Accepted Solution

    MS Remote desktop is reasonably well thought out from a security standpoint and can be a very secure solution if:
    o Your Windows domain is reasonably secure
    o The desktops you'll be using as clients are reasonably secure (you don't want someone to hack your desktop and then get a free ride onto the server when you use a remote desktop - yes, such attacks have actually happened in the real world.
    o You tunnel it through a VPN when going over the open Internet (two layers of protection is better than one, especially when all the things we're talking about have had flaws discovered in them at one time or another - I wouldn't run SSH raw over the Internet either)

    As for how the HP IP KVM switches stack up, I'm guessing that they don't. HP doesn't have the best track record at thinking about security in their management solutions, and the only information on security issues of HP's IP KVM switches I dould find on HP's website was "Security for servers is controlled by a database of user names with multiple security levels that is configured and saved on the switch." Drilling down into whitepapers, FAQ's, and other resources on their website revealed a lack of any further information.
    LVL 12

    Assisted Solution

    First, I agree with Chris above I have all of my remote users remote desktop through a VPN connection, but also wanted to provide you with some reading material =)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now