?
Solved

How safe is RDP?

Posted on 2010-08-13
10
Medium Priority
?
985 Views
Last Modified: 2013-12-04
Is RDP-connections (Remote desktop) by default encrypted in any way?

To connect to a terminal server from home I use to install a VPN connection for my customers, but sometimes it would be great just to open port 3389 in the firewall and go right there.

But is the traffic encrypted in any way, or is password e.t.c. sent in clear text then?

The point is to be able to log in from anywhere without having to install some expensive software or similar.
Or what is your suggestions?
0
Comment
Question by:Martin_Radbo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 33427613
RDP is encrypted.  How good that encryption is is debatable.  

The more holes and methods of access to your network, the weaker your security.  I don't know what you use for VPN - I use Microsoft's Routing and Remote Access VPN server.  The client is built in for virtually all Windows clients so setting up a VPN connection is neither time consuming nor difficult nor expensive.  And I only need to open one port on my network for remote access.
0
 
LVL 11

Assisted Solution

by:Coast-IT
Coast-IT earned 500 total points
ID: 33427634
A good previous answer about the exact same subject is here explaining to to turn up security etc.

http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_21410301.html
0
 
LVL 17

Expert Comment

by:Steve
ID: 33427859
VPN all the way - we use a SonicWall SSL-VPN 2000 box also as this provides an easy solution to remote use of the system and has lots of useful functions to boot.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 500 total points
ID: 33427991
IF your windows TS is 2003 or better, you can enable and require SSL on the rdp session - same port, but encrypted with the same technology https websites use.
0
 

Author Comment

by:Martin_Radbo
ID: 33428076
"IF your windows TS is 2003 or better, you can enable and require SSL on the rdp session - same port, but encrypted with the same technology https websites use."

It is win server 2008 (and sometimes 2003) so that sounds great.

Where exactly do I configure that? And what is the need at the client side to get it to work? Latest version (7.0) of RDP client?
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33428077
If you decide to open the port direct, don't do it on port 3389 as that is a commonly known one. Use some obsucre port and change the server to listen on that port. Very easy to do but I must agree with all those who have already said, run all your traffic across your VPN whenever you can.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33430041
0
 
LVL 31

Assisted Solution

by:Cláudio Rodrigues
Cláudio Rodrigues earned 500 total points
ID: 33430169
Well my take on this is this. RDP is encrypted and without using certificates, all the way to 128-bit.
The main concern people usually have with RDP is MITM attacks.
In 15 years working exclusively deploying TS/RDS/Citrix for customers worldwide I am still to see one single case where RDP was hacked when exposed to the internet on port 3389 (of course if you use blank passwords even a VPN will not matter).
So how much should you do really depends how paranoid you are. It is up to you to decide.
As mentioned you can indeed enable certificates for the RDP connection to prevent the MITM attack and even change the RDP port. As you are on 2008 you can even setup RDS Gateway what will give you only port 443 access to the TSs. Very secure.
Again, up to you.

Cláudio Rodrigues
Microsoft MVP - Remote Desktop Services
Citrix CTP
0
 

Author Comment

by:Martin_Radbo
ID: 33430403
I'm really NOT paranoid, that's the whole point. I think you must choose the level of security depending on how threatened you are (i.e, stronger excryption for the White house compared to the little single-person-company selling bread....

But it is nice to know that there indeed are at lest some (and for me enough) encryption with standard RDP. Customers sometimes ask me and I think they will be pleased with this info.

And also, if possible, I do it with a VPN tunnel, it also gives me the opportunity to be able to ping the whole remote LAN from my PC which is very useful in many ways.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33431026
Certificates are good against MitM, but on the whole its just that RDP crypto security isn't well documented, so hard to get past a security review - when everyone knows how to validate SSL.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month7 days, 23 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question