Solved

Is RDP to server secure?

Posted on 2011-03-12
9
875 Views
Last Modified: 2012-05-11
I am currently using RDP to connect to the server, and I am wondering if this is a secure method. I heard RDP is encrypted as well. I know some people use RDP inside a VPN session; is that overkill?
0
Question by:okamon
9 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 35118332
RDP is a secure connection. VPN is sort of overkill, yes. It was designed for security. You might run it on another port than the default 3389, but it's already encrypted.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35118407
I don't agree to the full extent. RDP is somewhat secure, because some encryption is done; however, that does not protect against login attacks. A VPN is more secure, if the encryption and authentication are set up reasonably. PPTP, for example, strictly relies on the password chosen - anything regarding encryption is based on the PPTP password. IPSec is much more secure.

However, I would not take on the additional configuration overhead for just using an RDP session. VPN allows full or restricted access to the remote network.

In the end it is your requirement for "security" which dictates which means to use. Do you want a secured connection when established - no one can listen to it, hijack or take over - then RDP only is sufficient. Of course login info must not be obvious - like the company name the public IP belongs to, with the same or a password easy to guess.
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 350 total points
ID: 35118480
RDP is secure enough, unless you're working Secret or Highly Sensitive. Read this from MS: http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx
Of course, RDP does not encrypt all information, and that is explained here: http://support.microsoft.com/kb/275727

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Beginning with Windows 2000, administrators can choose to encrypt data by using a 56- or 128-bit key.

When to use VPN or RDP: http://searchenterprisedesktop.techtarget.com/tip/When-to-use-Remote-Desktop-over-VPN

The above gives you a good view on why to use which and when.

0

 

Author Comment

by:okamon
ID: 35119654
Is authentication also encrypted with RDP? For example, username and password?
I know that for PPTP, the authentication is not encrypted; ONLY data are encrypted after successful authentication.
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 350 total points
ID: 35120195
RDP does encrypt authentication at 128-bit, but make sure that it is set that way. You can also set your server's GPO so that you ensure encryption. Look here: http://www.techrepublic.com/blog/datacenter/configure-rdp-encryption-via-group-policy-for-windows-servers/2035
0
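One way to confirm that the encryption and authentication settings discussed in the answer above are actually in force, added here as an example and not part of the original thread. It assumes Windows Server 2008 or later with Windows PowerShell, run elevated on the server being checked; the output property names (`Listener`, `Findings`, and so on) are chosen for this example.

```powershell
# Added example: audit RDP listener encryption and authentication settings.
# Assumption: Windows Server 2008 or later, elevated Windows PowerShell session.

# Registry location written by the Remote Desktop / Terminal Services Group Policy settings.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$encryptionNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High (128-bit)'; 4 = 'FIPS Compliant' }
$layerNames      = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

# Which of the relevant values are pinned by policy (absent means the local setting applies).
$policy   = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$enforced = @('MinEncryptionLevel', 'SecurityLayer', 'UserAuthentication') |
    Where-Object { $policy -and $null -ne $policy.$_ }

# Effective settings for each listener (normally only RDP-Tcp).
$listeners = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting

foreach ($l in $listeners) {
    $findings = @()
    if ($l.MinEncryptionLevel -lt 3) {
        $findings += 'encryption level below High; clients may negotiate weaker keys'
    }
    if ($l.SecurityLayer -eq 0) {
        $findings += 'legacy RDP security layer; server is not authenticated to the client'
    }
    if ($l.UserAuthenticationRequired -ne 1) {
        $findings += 'Network Level Authentication not required'
    }
    if ($findings.Count -eq 0) { $findings = @('none') }

    # WMI returns UInt32; cast to Int32 so the hashtable lookups match their keys.
    New-Object PSObject -Property @{
        Listener        = $l.TerminalName
        EncryptionLevel = $encryptionNames[[int]$l.MinEncryptionLevel]
        SecurityLayer   = $layerNames[[int]$l.SecurityLayer]
        NlaRequired     = ($l.UserAuthenticationRequired -eq 1)
        SetByPolicy     = ($enforced -join ', ')
        Findings        = ($findings -join '; ')
    }
}
```

An empty `SetByPolicy` column means none of the three values is enforced by Group Policy, so a local administrator can change them on that server.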
 

Author Comment

by:okamon
ID: 35122256
>> RDP does encrypt authentication...You can also set your servers GPO so that you ensure encryption
What's the default setting in Windows 2003 and 2008?

But if I need to access many servers in my network, do you think it's a good idea to open many ports for RDP on the firewall? In this case, wouldn't it be easier if I use VPN?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35122284
Absolutely. Using more than two or three RDP targets would set the mark for me to use VPN instead. Not to mention you are not restricted to the already configured RDP targets then, and need no fiddling with the RDP ports and forwarding them.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 35122668
You're right if you are looking at trying to open lots of ports. I never open more than one computer in my network though. I RDP to one computer in my net and connect to others from that one, which I have hardened. It is sounding like you're really wanting to just VPN though, so perhaps you're better off building that. For ease of use, perhaps build the VPN from your workstation to the network, then use RDP through it, easing your connection concerns a bit.
0
 
LVL 78

Expert Comment

by:arnold
ID: 35123867
There is no need to open multiple ports for each host. A better and more secure approach is to secure one server that will be exposed to the outside and use it as a jump box to the others.
A VPN will allow a direct connection to any host.
0

Question has a verified solution.