WiFi Hotspots and Remote Desktop

Posted on 2006-03-29
Medium Priority
Last Modified: 2012-05-05
I'd like an assessment of just how "safe" it is to use Remote Desktop at free public hotspots. (i.e., any "unsecured" WiFi network.)

I would assume that if you are using a standard WindowsXP notebook that is properly up-to-date with security patches, the act of connecting to the WiFi hotspot is, in and of itself, no more or less risky than simply connecting to some "unknown network" with an ethernet cable. From a security standpoint, this would be much like walking into any random office building and finding that their receptionist in the lobby hands you the end of a CAT-5 cable saying "feel free to connect to the internet while you are waiting." You'd be concerned that you have no idea what other workstations you are now visible to, or what infections they might have, or if they have a sniffer on the network, etc. but if your notebook was patched, just connecting is arguably not going to get you infected/compromised. (Feel free to correct me if you think my first assumption here is incorrect.)

The next question, of course, is that if the network is really (in the worst case scenario) a "poisoned hotspot" with a sniffer on it, how does that impact the safety of using Remote Desktop? I'm not asking anyone to answer a really broad question about the many different types of traffic that might be "sniffed" on a compromised WiFi network, just Remote Desktop.
Question by:mcj

Expert Comment

ID: 16330945
Well, you don't know when you're dealing with poisoned hotspots or not. If you want to be as safe as possible, you could do something like use a VPN or some sort of proxy. Then your RDP traffic will flow over that. RDP in and of itself is an encrypted protocol (within TCP), but in order to keep yourself as safe as possible, use another layer of protection as already mentioned.

Now if you haven't patched your server running terminal services or Remote Desktop with a patch like this one (http://www.microsoft.com/technet/security/bulletin/MS02-051.mspx), you could have your traffic sniffed and it's big trouble.

This is under the assumption you're connecting to a desktop from outside of the network it resides on.

Your comment on the safety of connecting to a Wi-Fi network vs. a wired network is somewhat correct. I get the idea of what you're saying, but Wi-Fi's a lot more open since the signal goes in any given direction, whereas a wired network, the signal is pretty much only going over the wire itself. Pretending we don't know the infrastructure of the network itself (so we can leave the possibility of hubs being in place rather than switches), the security risks are just as large.

But RDP, like SSH, is a safer protocol across unprotected networks than most protocols. Pretty much it's as strong as its known weaknesses (and people's willingness to take the time to try to exploit them).

Expert Comment

ID: 16331507
In general RDP is pretty secure.  Since the link is encrypted even if someone is "sniffing" (which is quite possible and easy to do) they will only see the encrypted traffic once RDP is established.  Your password is not sent in the clear.

If you are still worried, and depending on what's at stake you might want to be, you can choose to run your RDP over a VPN connection.  This will provide two levels of encryption, and different encryption at that so that even if one scheme is compromised the other one will stand up.

Expert Comment

ID: 16338027
Here are some good examples of how to protect yourself!
Packets that are transmitted are basically safe due to the extremely high levels of encryption. RDP is connected via 128-bit encryption. Even if you're running a sophisticated router, decrypting packets is basically not gonna happen. There is more risk of hackers getting to your system than having any issues with your system in a Wi-Fi spot.


Accepted Solution

tigermatt earned 100 total points
ID: 16354179
It depends what you are doing over Remote Desktop. If you are viewing some private or confidential documents then I wouldn't recommend that you do it from a public Wi-Fi hotspot, because anyone could have a look at what data you are transmitting. You should either use an encrypted connection or a VPN which goes direct to the server where remote desktop is running.

The machine you are using to connect to the hot spot should also be protected with a firewall, anti-virus etc. because otherwise other machines connected to the public network could access your computer as freely as they like, modifying and deleting files, viewing confidential information etc.

Make sure you also use a secure (if possible randomly generated) password on the user account(s) that have permission to connect from outside the network via remote desktop, so that anyone unauthorised who may try to access the Remote system will have a hard job to get in.

Expert Comment

ID: 16355590
Hi mcj,

RDP is actually fairly secure once the connection is established – the encryption is fairly good & secure and your data should not be sniffed. RDP suffered from an RC4 vulnerability back in 2002 but that was patched so unless you are using a very old, un-patched machine you should be fine (if that’s the case you got more to worry ‘bout than this!).

The safest way would be to set up a VPN connection of some sort then connect your RDP over that. Presumably the machine you are connecting to has 'full' internet connectivity (you are after all connecting to it from the net..) so you then have the added bonus of being able to use the remote machine for the ‘weaker’ protocols (POP etc) without fear of someone sniffing the local wifi network.

One issue to bear in mind is recent versions of Cain & Abel have the ability to carry out Man-In-The-Middle attacks on RDP. This is dependent on a successful ARP poisoning attack having been carried out. That said if someone has successfully ARP’d you then SSH, HTTPS etc are also at risk!

Making sure you use a good VPN solution using certificates and verifying them on connection should protect you from these types of attacks.

All the best & good luck,
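
The ARP-poisoning precondition mentioned in the comment above can be checked from the client side. The following is an added example, not part of the original thread: it parses Windows `arp -a` output and flags a default gateway whose MAC address is shared with another host or has changed since a baseline. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed samples of Windows `arp -a` output (addresses and MACs are made up):
# BEFORE is a clean table, AFTER shows the gateway entry overwritten by another host.
BEFORE = """Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.40          00-aa-bb-cc-dd-01     dynamic
"""
AFTER = """Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-01     dynamic
  192.168.1.40          00-aa-bb-cc-dd-01     dynamic
"""

ENTRY = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\b",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: mac} for unicast entries in `arp -a` output."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        if int(mac[:2], 16) & 1:  # skip broadcast/multicast MACs
            continue
        table[ip] = mac.lower()
    return table

def arp_warnings(table, gateway, baseline=None):
    """List signs of ARP poisoning affecting the default gateway entry."""
    gw_mac = table.get(gateway)
    if gw_mac is None:
        return ["no ARP entry for gateway %s" % gateway]
    warnings = []
    sharing = sorted(ip for ip, mac in table.items() if mac == gw_mac and ip != gateway)
    if sharing:
        warnings.append("gateway MAC %s also claimed by %s" % (gw_mac, ", ".join(sharing)))
    old = (baseline or {}).get(gateway)
    if old and old != gw_mac:
        warnings.append("gateway MAC changed from %s to %s" % (old, gw_mac))
    return warnings

if __name__ == "__main__":
    for w in arp_warnings(parse_arp(AFTER), "192.168.1.1", parse_arp(BEFORE)):
        print("WARNING:", w)
```

A shared MAC can be legitimate (one router answering for several addresses, for instance), so a warning here is a reason to verify the gateway before connecting, not proof of an attack.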


Expert Comment

ID: 16381981

Connected RDP (from patched - to - patched) is as secure as SSL in terms of packet sniffing. No problemo - seriously. Hotspots present pre-connection-to-secure packet visibility problems that are well documented above.

If you are really concerned then look at a gateway SSL VPN solution with 2-factor-auth connections. They can help to minimise a lot of the concerns raised above but are (a rapidly reducing) spend.

A missing laptop with through authentication via the 'net to WTS is a big scary thing.

If still requiring client-to-site VPN from untrusted networks then cert based VPNs are the best option - preferably with two-factor on the client VPN connection app.

Not sure if this helps...

Assisted Solution

ChristianJKoch earned 100 total points
ID: 16465556
RDP IS prone to MITM (man-in-the-middle) attacks

Reference - http://pauldotcom.com/oct-2005-oshean.pdf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question