Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2736
  • Last Modified:

Remote Desktop SSL Settings and Certificate Aquire

I received this failure for a monthly scanning service.
How do I aquire a certificate for my remote desktop server to complete this?
How do I accomplish all this?

Synopsis : It may be possible to get access to the remote host. Description : The remote version of Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man in the middle attack. An attacker may exploit this flaw to decrypt communications between client and server and obtain sensitive information (passwords, ...). Solution: Force the use of SSL as a transport layer for this service. See also : http://www.oxid.it/downloads/rdp-gbu.pdf http://technet.microsoft.com/en-us/libra ry/cc782610.aspx Risk Factor: Medium  / CVSS Base Score : 5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE : CVE-2005-1794 BID : 13818 Other references : OSVDB:17131

Thanks!
0
rickpary
Asked:
rickpary
  • 2
  • 2
2 Solutions
 
ParanormasticCryptographic EngineerCommented:
A normal web server certificate is fine - from your own CA or commericial CA (e.g. godaddy) and should be installed on the TS server and TS gateway (TSG) if you have one.

RDP 6.0 to support which came with XP SP2 and should work okay, however it is recommended that you go with RDP 6.1 that shipped with the latest service packs for each OS.  This provides the ability to have SAN certs (multiple names in the same cert - i.e. you can have hostname, dns name, dns aliases, IP addresses, etc.), better support for remote printing, etc.  

You can get just the RDP 6.1 client installer her if you aren't ready to roll out XP SP3 yet, so you can use the newest version:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en


A description of RDP 6.1 and its features is here:
http://support.microsoft.com/kb/951616

Description of RDP 6.0 is here and mentions TSG:
http://support.microsoft.com/kb/925876
0
 
ParanormasticCryptographic EngineerCommented:
0
 
rickparyAuthor Commented:
Can someone walk me thru this?
I just need to create a certificate and install it.
THe above is confusing.
Thank You
0
 
rickparyAuthor Commented:
I am running Microsoft Windows Server 2003 for Small Business Server SP2.
How do I create and install the certificate?
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now