Solved

Is RDP to server secure?

Posted on 2011-03-12
Last Modified: 2012-05-11
I am currently using RDP to the server, and I am wondering if this is a secure method. I heard RDP is encrypted as well. I know some people would use RDP in a VPN session; is that overkill?
Question by:okamon
9 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 35118332
RDP is a secure connection. VPN is sort of overkill, yes. It was designed for security. You might run it on another port than the default 3389, but it's already encrypted.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35118407
I don't agree to the full extent. RDP is somewhat secure, because some encryption is done; however, that does not protect against login attacks. A VPN is more secure, if the encryption and authentication are set up reasonably. PPTP, for example, strictly relies on the password chosen - anything regarding encryption is based on the PPTP password. IPSec is much more secure.

However, I would not take on the additional configuration overhead for just using an RDP session. VPN allows full or restricted access to the remote network.

In the end it is your requirement for "security" which dictates which means to use. Do you want a secured connection when established - no one can listen to it, hijack or take over - then RDP only is sufficient. Of course login info must not be obvious - like the company name the public IP belongs to, with the same or a password easy to guess.
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 350 total points
ID: 35118480
RDP is secure enough, unless you're working Secret or Highly Sensitive. Read this from MS: http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx . Of course, RDP does not encrypt all information, and that is explained here: http://support.microsoft.com/kb/275727

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Beginning with Windows 2000, administrators can choose to encrypt data by using a 56- or 128-bit key.

When to use VPN or RDP: http://searchenterprisedesktop.techtarget.com/tip/When-to-use-Remote-Desktop-over-VPN

The above gives you a good view on why to use which and when.

0

 

Author Comment

by:okamon
ID: 35119654
Is authentication also encrypted with RDP? For example username and password?
I know for PPTP, the authentication is not encrypted; ONLY data are encrypted after successful authentication.
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 350 total points
ID: 35120195
RDP does encrypt authentication at 128-bit, but make sure that it is set that way. You can also set your server's GPO so that you ensure encryption. Look here: http://www.techrepublic.com/blog/datacenter/configure-rdp-encryption-via-group-policy-for-windows-servers/2035.
0
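
One way to check that the encryption level is "set that way", as an added example that is not part of the original thread: this PowerShell reads the RDP listener's encryption level, security layer and NLA setting from the registry, preferring a Group Policy value when one exists. The function names and the pass thresholds are this example's assumptions.

```powershell
# Added example: report the RDP listener's encryption and authentication settings.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Meaning of each value, and the minimum value treated as acceptable here
# (the thresholds are this example's assumption, not a Microsoft default).
$Checks = @(
    @{ Name = 'MinEncryptionLevel'; Min = 3
       Map  = @{ 1 = 'Low (56-bit, client to server only)'; 2 = 'Client Compatible'
                 3 = 'High (128-bit)'; 4 = 'FIPS Compliant' } },
    @{ Name = 'SecurityLayer'; Min = 1
       Map  = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' } },
    @{ Name = 'UserAuthentication'; Min = 1
       Map  = @{ 0 = 'NLA not required'; 1 = 'NLA required' } }
)

function Get-RdpSetting {
    param([string]$Name)
    # A Group Policy value, when present, overrides the listener's local value.
    foreach ($key in $PolicyKey, $ListenerKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $key }
        }
    }
}

function Get-RdpSecurityReport {
    foreach ($check in $Checks) {
        $found = Get-RdpSetting -Name $check.Name
        if ($null -eq $found) {
            # For example, UserAuthentication on a server that predates NLA.
            [pscustomobject]@{ Setting = $check.Name; Value = $null
                               Meaning = 'not set'; Source = $null; Ok = $false }
            continue
        }
        $meaning = $check.Map[$found.Value]
        if (-not $meaning) { $meaning = 'unknown value' }
        [pscustomobject]@{
            Setting = $check.Name; Value = $found.Value; Meaning = $meaning
            Source  = $found.Source; Ok = ($found.Value -ge $check.Min)
        }
    }
}

Get-RdpSecurityReport | Format-Table -AutoSize
```

Run it in an elevated session on the server; the Source column shows whether each value comes from Group Policy or from the local listener configuration.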
 

Author Comment

by:okamon
ID: 35122256
>> RDP does encrypt authentication...You can also set your servers GPO so that you ensure encryption
What's the default setting in Windows 2003 and 2008?

But if I need to access many servers in my network, do you think it's a good idea to open many ports for RDP on the firewall? In this case, wouldn't it be easier if I use VPN?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35122284
Absolutely. Using more than two or three RDP targets would set the mark for me to use VPN instead. Not to mention you are not restricted to the already configured RDP targets then, and need no fiddling with the RDP ports and forwarding them.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 35122668
You're right if you are looking at trying to open lots of ports. I never open more than one computer in my network though. I RDP to one computer in my net and connect to others from that one, which I have hardened. It is sounding like you're really wanting to just VPN though, so perhaps you're better off building that. For ease of use perhaps build the VPN from your workstation to the network, then use RDP through it, easing your connection concerns a bit.
0
 
LVL 78

Expert Comment

by:arnold
ID: 35123867
There is no need to open multiple ports for each host.  A better and more secure approach is to secure one server that will be exposed to the outside and use it as a jump box to the others.
A VPN will allow a direct connection to any host.
0

Question has a verified solution.