• Status: Solved
  • Priority: Medium
  • Security: Public

Is Remote Desktop Safe?

Hello my friends,

I was just wondering if using Remote Desktop in Windows Server 2003 is completely safe.  Can I Remote Desktop to another computer for long periods of time without having to worry about naughty hackers getting hold of my system or putting viruses into it?

Thank you so much,


Jazon Samillano
<< URL removed by Humeniuk - page editor, see www.experts-exchange.com/help.jsp#hi106 >>
0
Asked by: piratepatrol
 
Lee W, MVP (Technology and Business Process Advisor) commented:
First, unless you're running a business where intellectual property is a strong part of your business model or your marketing plans will have a significant impact on the market in general, don't start thinking everyone's out to get you.  They aren't.  The VAST majority of "hackers" are trying to use your system for either storage or a coordinated attack on another web site.  No one "puts" a virus on a computer either.  Security holes in Windows and/or poor practices (allowing/using File Sharing Programs such as Kazaa), not running up-to-date antivirus and/or accepting Office documents from others who might be infected are the most frequent and likely methods of infection.

All that said, if you are going to allow the Remote Desktop port to be open, then there's a security risk.  Significant?  I don't think so, but if you want to be SAFE, you'll set up a VPN.  Then you can VPN to the server and connect over a secure connection.

You can also try RDP over SSH - here are some links for products and info:
http://www.wissh.com/
http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
0
 
Rich Rumble (Security Samurai) commented:
RD is pretty safe, and you can even turn up the default encryption to a higher bit if you prefer. SSH or any other tunneling protocol is a bit much in my opinion, as I have yet to be able to find a cracker for a "sniffed" RD/TS session, and the only plaintext that can be sniffed from a terminal service/remote desktop session is the username, and that's only when you first log on to the PC you're TS/RD'ing to. Here is how you turn up the encryption level on RD (it's done on the server, the client will be instructed to use a higher level):
http://support.microsoft.com/default.aspx?scid=kb;en-us;814590 this applies to xp as well

The main security hole with RD/TS is that the port is very well known, and most scanners have this one added to their list to look for. But the biggest security hole used to be that you could find a TS/RD server, and then try to brute force the local administrator account, because the local admin account can NEVER be locked out, so you're free to guess as much as you like. In XP SP2 and in 2003 SP1 (beta) they have added a fix that makes the local admin account "appear" to be locked out to a RD user, if you type the password wrong 6 times I believe. You can still walk up to the keyboard of the machine and log in as the admin even if RD tells you the account is locked out, which I think is 30 minutes.

leww mentioned using a VPN or tunnel solution such as IPsec or SSH because the port is very well known, and the tunnel adds an extra layer of authentication to the mix, so that only authorized users can access the RD ports because they would be the only ones that can tunnel in to see the port.

With RD you can list users that are allowed to connect, and you can even change the listening port. Here are some of my previous posts on this subject:
http://www.experts-exchange.com/Security/Win_Security/Q_21393332.html#13811913
-rich
0
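Because the reply above describes repeated password guessing against the local administrator account over Remote Desktop, one defensive counterpart is to watch the Security log for bursts of failed RDP logons. The following is an added example, not code from any poster in this thread: the CSV export format, the sample rows, the function name and the 10-minute window are assumptions, and the threshold of 6 mirrors the figure mentioned in the reply.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: "timestamp,event_id,logon_type,account,source_ip".
# Event 529 is the Windows Server 2003 "unknown user name or bad password"
# logon failure; logon type 10 is RemoteInteractive (Terminal Services / RDP).
SAMPLE = """\
2005-06-01 02:10:01,529,10,Administrator,203.0.113.9
2005-06-01 02:10:09,529,10,Administrator,203.0.113.9
2005-06-01 02:10:15,529,2,jsmith,-
2005-06-01 02:10:18,529,10,Administrator,203.0.113.9
2005-06-01 02:10:26,529,10,Administrator,203.0.113.9
2005-06-01 02:10:35,529,10,Administrator,203.0.113.9
2005-06-01 02:10:44,529,10,Administrator,203.0.113.9
2005-06-01 02:10:52,529,10,Administrator,203.0.113.9
2005-06-01 08:30:00,529,10,jsmith,198.51.100.4
2005-06-01 09:45:00,529,10,jsmith,198.51.100.4
"""

def rdp_bruteforce_alerts(log_text, threshold=6, window=timedelta(minutes=10)):
    """Return (account, source_ip, first_failure, trigger_time) tuples for each
    account/source pair reaching `threshold` failed RDP logons within `window`."""
    recent = defaultdict(deque)   # (account, source) -> failure times in window
    alerts = []
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, account, src = line.split(",")
        if event_id != "529" or logon_type != "10":
            continue              # ignore console logons and other events
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        q = recent[(account.lower(), src)]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) == threshold:   # fire once, when the threshold is reached
            alerts.append((account, src, q[0], when))
    return alerts

if __name__ == "__main__":
    for account, src, first, last in rdp_bruteforce_alerts(SAMPLE):
        print(f"possible RDP brute force: {account} from {src}, {first} -> {last}")
```
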
 
piratepatrol (Author) commented:
So I can Remote Desktop to a server for hours and hours and not have to worry about a hacker slipping a virus into my server?  Also, the password is sent from my keyboard to the server with encryption, right?
0
 
Lee W, MVP (Technology and Business Process Advisor) commented:
Yes, the password is encrypted - I've seen this first hand at a test we did at my last job, monitoring packets with a few linux tools.

As we've said, the RDP system is by no means fool proof.  BUT it's not using cleartext either and it does have a level of encryption.  And to be safer, you can use a VPN and/or an SSH tunnel to connect.
0
 
piratepatrol (Author) commented:
Thank you so much
0
 
Rich Rumble (Security Samurai) commented:
Rdp just got less secure...
Cain & Abel v2.7.3 released
New features:
- RDPv4 session sniffer for APR
Cain can now perform man-in-the-middle attacks against the heavy encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side key strokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (Arp Poison Routing) and other protocol weakness.
-rich
0
 
piratepatrol (Author) commented:
Oh my God, this sucks!  Is it gonna be up to Microsoft to come up with a patch against this?
0
 
Rich Rumble (Security Samurai) commented:
It's hard to patch against properly, in fact M$ has patched this one before, and this ARP poisoning attack would work best on the LAN, or if you gathered enough information about an internet host, you could conceivably do this with some success on internet hosts. It does require you to have poisoning set up prior to a TS/RD session. This isn't much different than the SMBRelay tools that have been around for some time. Read the PDF on their site for more info, again you'd have to be poisoning prior for the attack to work.
http://www.oxid.it/downloads/rdp-gbu.pdf
-rich
0