mcj


WiFi Hotspots and Remote Desktop

I'd like an assessment of just how "safe" it is to use Remote Desktop at free public hotspots. (i.e., any "unsecured" WiFi network.)

I would assume that if you are using a standard Windows XP notebook that is properly up-to-date with security patches, the act of connecting to the WiFi hotspot is, in and of itself, no more or less risky than simply connecting to some "unknown network" with an Ethernet cable. From a security standpoint, this would be much like walking into any random office building and finding that their receptionist in the lobby hands you the end of a CAT-5 cable saying "feel free to connect to the internet while you are waiting." You'd be concerned that you have no idea what other workstations you are now visible to, or what infections they might have, or if they have a sniffer on the network, etc. but if your notebook was patched, just connecting is arguably not going to get you infected/compromised. (Feel free to correct me if you think my first assumption here is incorrect.)

The next question, of course, is that if the network is really (in the worst case scenario) a "poisoned hotspot" with a sniffer on it, how does that impact the safety of using Remote Desktop? I'm not asking anyone to answer a really broad question about the many different types of traffic that might be "sniffed" on a compromised WiFi network, just Remote Desktop.
masnrock

Well, you don't know when you're dealing with poisoned hotspots or not. If you want to be as safe as possible, you could do something like use a VPN or some sort of proxy. Then your RDP traffic will flow over that. RDP in and of itself is an encrypted protocol (within TCP), but in order to keep yourself as safe as possible, use another layer of protection as already mentioned.

Now if you haven't patched your server running terminal services or Remote Desktop with a patch like this one (http://www.microsoft.com/technet/security/bulletin/MS02-051.mspx), you could have your traffic sniffed and it's big trouble.

This is under the assumption you're connecting to a desktop from outside of the network it resides on.

Your comment on the safety of connecting to a Wi-Fi network vs. a wired network is somewhat correct. I get the idea of what you're saying, but Wi-Fi's a lot more open since the signal goes in any given direction, whereas a wired network, the signal is pretty much only going over the wire itself. Pretending we don't know the infrastructure of the network itself (so we can leave the possibility of hubs being in place rather than switches), the security risks are just as large.

But RDP, like SSH, is a safer protocol across unprotected networks than most protocols. Pretty much it's as strong as its known weaknesses (and people's willingness to take the time to try to exploit them).
jhance

In general RDP is pretty secure.  Since the link is encrypted even if someone is "sniffing" (which is quite possible and easy to do) they will only see the encrypted traffic once RDP is established.  Your password is not sent in the clear.

If you are still worried, and depending on what's at stake you might want to be, you can choose to run your RDP over a VPN connection.  This will provide two levels of encryption, and different encryption at that so that even if one scheme is compromised the other one will stand up.
Here are some good examples of how to protect yourself!
Packets that are transmitted are basically safe due to the extremely high levels of encryption. RDP is connected via 128-bit encryption.  Even if you're running a sophisticated router, decrypting packets is basically not gonna happen.  There is more risk of hackers getting to your system than having any issues with your system in a Wi-Fi spot.
ASKER CERTIFIED SOLUTION
tigermatt
This solution is only available to members.
Hi mcj,

RDP is actually fairly secure once the connection is established – the encryption is fairly good & secure and your data should not be sniffed. RDP suffered from an RC4 vulnerability back in 2002 but that was patched so unless you are using a very old, un-patched machine you should be fine (if that’s the case you got more to worry ‘bout than this!).

The safest way would be to set up a VPN connection of some sort then connect your RDP over that. Presumably the machine you are connecting to has 'full' internet connectivity (you are after all connecting to it from the net..) so you then have the added bonus of being able to use the remote machine for the ‘weaker’ protocols (POP etc) without fear of someone sniffing the local wifi network.

One issue to bear in mind is recent versions of Cain & Abel have the ability to carry out Man-In-The-Middle attacks on RDP. This is dependent on a successful ARP poisoning attack having been carried out. That said, if someone has successfully ARP’d you then SSH, HTTPS etc are also at risk!

Making sure you use a good VPN solution using certificates and verifying them on connection should protect you from these types of attacks.

All the best & good luck,

Isyseurope

Connected RDP (from patched - to - patched) is as secure as SSL in terms of packet sniffing. No problemo - seriously. Hotspots present pre-connection-to-secure packet visibility problems that are well documented above.

If you are really concerned then look at a gateway SSL VPN solution with 2-factor-auth connections. They can help to minimise a lot of the concerns raised above but are (a rapidly reducing) spend.

A missing laptop with through authentication via the 'net to WTS is a big scary thing.

If still requiring client-to-site VPN from untrusted networks then cert based VPNs are the best option - preferably with two-factor on the client VPN connection app.

Not sure if this helps...