Solved

Is remote desktop over the internet secure?

Posted on 2008-10-27
5
1,005 Views
Last Modified: 2013-12-04
I have two Windows Vista Machines that I use to connect to one via Remote Desktop Connection. I use to use Quick VPN with my WRVS4400N Linksys router until it became unreliable. I have setup port forwarding to my desktop computer through this router. I can now connect to this computer by using my ISP assigned address remotely through the internet. How secure is this compared to me connecting with my Linksys Quick VPN, when it was working? What should I be worried about connecting to my computer remotely in this way? Thanks in advance!
0
Comment
Question by:jbyrd1981
5 Comments
 
LVL 16

Accepted Solution

by:
sh0e earned 400 total points
ID: 22818920
RDP is encrypted, so it's not communicating in plain-text.

Good tutorial on how to configure RDP to be more secure.
http://www.mobydisk.com/techres/securing_remote_desktop.html
0
 
LVL 4

Expert Comment

by:whsum
ID: 22818964
RDP is secure but you only have one level of protection by exposing your RDP directly to the internet. With the Quick VPN, would be hackers will need to hack another layer before being able to access the RDP login.

I would say RDP is secure, providing you have correctly set your router to expose the single port necessary and that you have only enabled limited access accounts with secure passwords.
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 22819666
The main issue with RDP is the fact that there is only single factor authentication as whsum suggests.  I would strongly recommend implementing a VPN and then connecting to RDP using the VPN, rather than a straight connection to RDP over the web.

0
 
LVL 16

Assisted Solution

by:cantoris
cantoris earned 100 total points
ID: 22820494
I prefer to set up an SSH2 server on the PC and configure RDP to be forwarded over it rather than expose port 3389 directly.

Here's an SSH server (free for personal non-commercial use):
http://www.bitvise.com/winsshd
And the SSH client:
http://www.bitvise.com/tunnelier  - it supports single-click remote desktop port forwarding.

It's a little more work but an extra layer of security without messing with VPNs.
0
 
LVL 16

Assisted Solution

by:sh0e
sh0e earned 400 total points
ID: 22822074
Actually, if you need end-point authentication for reducing MITM risks, RDP supports SSL/TLS and CredSSP.
Just make sure RDP is updated to the latest version on both the client and server end.
End-point authentication is negotiated, so if it warns you about connecting less securely, don't connect.

This feature is supported only on more recent versions, but this includes Vista so you should be fine.

Latest client software.  Should also be available through Windows Update:
http://www.microsoft.com/downloads/details.aspx?familyid=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en

Picture below shows the option that references what I am talking about.
untitled.PNG
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to export list of ssl vpn users in a dell sonicwall 4 103
SSL VPN 3 38
is this a virus? 3 57
VPN connection 7 18
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question