
How to require SSL connection via RDC

Hi!
I edited the terminal services on a remote Windows Server version 2003 SP2.
It says to use an SSL certificate at High level.
I can connect using the RDC (Windows 7) client using the domain and the lock occurs on the taskbar at the top. What is not working is I am also able to connect using RDC and just an IP address and no SSL. I want to require the domain being used so that the SSL will have to be used. Any ideas (please be specific)?

Asked by: TrueBlue

Andrew Davis (Manager) commented:
RDP has built in encryption.
see 128-bit encryption, using the RC4 encryption algorithm, as of Version 6.[15] Older implementations suffer from a man-in-the-middle vulnerability, which can allow an attacker to decrypt the encrypted streams by recording the encryption key as it is transmitted.[16]
*source http://en.wikipedia.org/wiki/Remote_Desktop_Protocol

cheers
 
TrueBlue (Author) commented:
AndrewJDavis,
I am able to connect with the remote server securely by using https://www.domain.com
The problem is I can also connect using the IP address with no https required and no lock icon on the taskbar.
Any ideas how I can force a secure connection using SSL?
 
Andrew Davis (Manager) commented:
Unsure what you are trying to do.
Are you using a browser (IE, Firefox, ...) to go to the web site that allows connection to the server,
or are you running mstsc and putting in the https://www.domain.com (although this should not work)?

If it is the first, then all you are doing is securely launching the mstsc client software. All RDP connections are encrypted as per my first post.

Cheers
 
TrueBlue (Author) commented:
AndrewJDavis:
Trying to eliminate Remote Desktop Man in the Middle from the list of Non PCI compliant issues with our server. As I said I can not connect using RDC / browser to our server using a domain / SSL, but so can anyone else using the static IP address and no SSL. So I would imagine the scanner is going to try this method and fail. Is this more clear? TIA
P.S. I apparently have version 5.2 in Windows Server 2003?
 
jgpd commented:
Follow this guide. I'm assuming you have a valid certificate from VeriSign or another CA store:
http://thelazyadmin.com/blogs/thelazyadmin/archive/2007/01/26/Configure-RDP-over-SSL-with-SelfSSL.aspx
Regards,
jose
 
TrueBlue (Author) commented:
jgpd,
I have already done this :)
My problem is that the two IP addresses that are assigned to the VPS allow a person to access the control panel without using the SSL certificate. It only is enforced when using a domain to access the control panel. Any ideas?
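Added example, not part of the thread and not code from any of the posters: the question above comes down to whether the RDP listener still accepts a connection that offers no SSL/TLS, which is visible in the first reply of the RDP handshake. This Python sketch builds that offer and interprets the reply using the negotiation structures from MS-RDPBCGR. The function names and the sample replies are constructed for illustration; sending the probe over the network is left out.

```python
import struct

# Negotiation constants as defined in MS-RDPBCGR.
RDP_NEG_RSP, RDP_NEG_FAILURE = 0x02, 0x03
PROTOCOL_RDP = 0                      # legacy "standard RDP security", no TLS
TLS_DEMANDED = {1: "SSL_REQUIRED_BY_SERVER", 5: "HYBRID_REQUIRED_BY_SERVER"}


def build_probe(requested=PROTOCOL_RDP):
    """X.224 Connection Request whose RDP_NEG_REQ offers only `requested`."""
    neg_req = struct.pack("<BBHI", 0x01, 0, 8, requested)
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def classify_reply(data):
    """Interpret the server's answer to build_probe(PROTOCOL_RDP)."""
    if len(data) < 11 or data[0] != 3 or data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[11:]
    if len(neg) < 8:
        # Reply carries no negotiation structure: legacy security is in use.
        return "legacy-accepted", "no negotiation data in reply"
    kind, _flags, _size, value = struct.unpack("<BBHI", neg[:8])
    if kind == RDP_NEG_RSP and value == PROTOCOL_RDP:
        return "legacy-accepted", "server selected standard RDP security"
    if kind == RDP_NEG_FAILURE and value in TLS_DEMANDED:
        return "tls-enforced", TLS_DEMANDED[value]
    return "inconclusive", f"type=0x{kind:02x} value={value}"


# Constructed sample replies (not captured from any real server).
CC = bytes.fromhex("0ed00000123400")
SAMPLES = {
    "refuses non-TLS offer": b"\x03\x00\x00\x13" + CC + bytes.fromhex("0300080001000000"),
    "accepts non-TLS offer": b"\x03\x00\x00\x13" + CC + bytes.fromhex("0200080000000000"),
    "pre-negotiation server": bytes.fromhex("0300000b06d00000123400"),
}

if __name__ == "__main__":
    print("probe:", build_probe().hex())
    for name, reply in SAMPLES.items():
        print(f"{name:24s} -> {classify_reply(reply)}")
```

A "legacy-accepted" verdict means the listener will still talk to a client that never offers TLS, whichever name or address the client used to reach it.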