Solved

Remote Desktop SSL Settings and Certificate Aquire

Posted on 2009-05-11
4
2,684 Views
Last Modified: 2013-11-21
I received this failure for a monthly scanning service.
How do I aquire a certificate for my remote desktop server to complete this?
How do I accomplish all this?

Synopsis : It may be possible to get access to the remote host. Description : The remote version of Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man in the middle attack. An attacker may exploit this flaw to decrypt communications between client and server and obtain sensitive information (passwords, ...). Solution: Force the use of SSL as a transport layer for this service. See also : http://www.oxid.it/downloads/rdp-gbu.pdf http://technet.microsoft.com/en-us/libra ry/cc782610.aspx Risk Factor: Medium  / CVSS Base Score : 5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE : CVE-2005-1794 BID : 13818 Other references : OSVDB:17131

Thanks!
0
Comment
Question by:rickpary
  • 2
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24379953
A normal web server certificate is fine - from your own CA or commericial CA (e.g. godaddy) and should be installed on the TS server and TS gateway (TSG) if you have one.

RDP 6.0 to support which came with XP SP2 and should work okay, however it is recommended that you go with RDP 6.1 that shipped with the latest service packs for each OS.  This provides the ability to have SAN certs (multiple names in the same cert - i.e. you can have hostname, dns name, dns aliases, IP addresses, etc.), better support for remote printing, etc.  

You can get just the RDP 6.1 client installer her if you aren't ready to roll out XP SP3 yet, so you can use the newest version:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en


A description of RDP 6.1 and its features is here:
http://support.microsoft.com/kb/951616

Description of RDP 6.0 is here and mentions TSG:
http://support.microsoft.com/kb/925876
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 500 total points
ID: 24379972
0
 

Author Comment

by:rickpary
ID: 25172132
Can someone walk me thru this?
I just need to create a certificate and install it.
THe above is confusing.
Thank You
0
 

Author Comment

by:rickpary
ID: 25172279
I am running Microsoft Windows Server 2003 for Small Business Server SP2.
How do I create and install the certificate?
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question