Link to home
Start Free TrialLog in
Avatar of Martin Radbo
Martin RadboFlag for Sweden

asked on

How safe is RDP?

Is RDP-connections (Remote desktop) by default encrypted in any way?

To connect to a terminal server from home I use to install a VPN connection for my customers, but sometimes it would be great just to open port 3389 in the firewall and go right there.

But is the traffic encrypted in any way, or is password e.t.c. sent in clear text then?

The point is to be able to log in from anywhere without having to install some expensive software or similar.
Or what is your suggestions?
ASKER CERTIFIED SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
VPN all the way - we use a SonicWall SSL-VPN 2000 box also as this provides an easy solution to remote use of the system and has lots of useful functions to boot.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Martin Radbo

ASKER

"IF your windows TS is 2003 or better, you can enable and require SSL on the rdp session - same port, but encrypted with the same technology https websites use."

It is win server 2008 (and sometimes 2003) so that sounds great.

Where exactly do I configure that? And what is the need at the client side to get it to work? Latest version (7.0) of RDP client?
Avatar of sosinc3
sosinc3

If you decide to open the port direct, don't do it on port 3389 as that is a commonly known one. Use some obsucre port and change the server to listen on that port. Very easy to do but I must agree with all those who have already said, run all your traffic across your VPN whenever you can.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I'm really NOT paranoid, that's the whole point. I think you must choose the level of security depending on how threatened you are (i.e, stronger excryption for the White house compared to the little single-person-company selling bread....

But it is nice to know that there indeed are at lest some (and for me enough) encryption with standard RDP. Customers sometimes ask me and I think they will be pleased with this info.

And also, if possible, I do it with a VPN tunnel, it also gives me the opportunity to be able to ping the whole remote LAN from my PC which is very useful in many ways.
Certificates are good against MitM, but on the whole its just that RDP crypto security isn't well documented, so hard to get past a security review - when everyone knows how to validate SSL.