Solved

Is RDP to server secure?

Posted on 2011-03-12
9
829 Views
Last Modified: 2012-05-11
I am currently RDP to the server, I am wondering if this is a secure method. I heard RDP is encrypted as well. I know someone would use RDP in VPN session, is it over killing?
0
Comment
Question by:okamon
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 35118332
RDP is is a secure connection. VPN is sort of overkill yes. It was designed for security. You might run it on another port than teh default 3389, but it's already encrypted.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35118407
Don't agree to all extend. RDP is somewhat secure, because some encryption is done, however that does not protect against login attacks. A VPN is more secure, if the encryption and authentication is set up reasonable. PPTP for example strictly relies on the password chosen - anything regarding encryption is based on the PPTP password. IPSec is much more secure.

However I would not take the additional configuration overhead for just using a RDP session. VPN allows full or restricted access to the remote network.

In the end it is your requirement for "security" which dictates which means to use. Do you want a secured connection when established - noone can listen to it, hijack or take over - then RDP only is sufficient. Of course login info must not be obvious - like the company name the public IP belongs to, with the same or a password easy to guess.
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 350 total points
ID: 35118480
RDP is secure enough, unless your working Secret or Highly Sensitive. Read this from MS: http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx , of course RDP does not encryprt all information and that is explained here: http://support.microsoft.com/kb/275727

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Beginning with Windows 2000, administrators can choose to encrypt data by using a 56- or 128-bit key.

When to use VPN or RDP: http://searchenterprisedesktop.techtarget.com/tip/When-to-use-Remote-Desktop-over-VPN

The above gives you a good view on why to use which and when

0
 

Author Comment

by:okamon
ID: 35119654
Is authentication also encrypted with RDP? For example username and password?
I know for pptp, the authentication is not encrypted, ONLY data are encrypted after successful authentication.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 350 total points
ID: 35120195
RDP does encrypt authentication at 128bit, but make sure that it is set that way. You can also set your servers GPO so that you ensure encryption. Look here http://www.techrepublic.com/blog/datacenter/configure-rdp-encryption-via-group-policy-for-windows-servers/2035.
0
 

Author Comment

by:okamon
ID: 35122256
>> RDP does encrypt authentication...You can also set your servers GPO so that you ensure encryption
what's the default setting in windows 2003 and 2008?

But if I need to access many servers in my network, do you think it's a good idea to open many ports for RDP on the firewall? in this case, wouldn't it be easier if I use VPN?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35122284
Absolutely. Using more than two or three RDP targets would set the mark for me to use VPN instead. Not to mention you are not restricted to the already configured RDP targets then, and need no fiddling with the RDP ports and forwarding them.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 35122668
Your right if you are looking at trying to open lots of ports. I never open more than one computer in my network though. I RDP to one computer in my net and connect to others from than one which I have hardened. It is sounding like your really wanting to just VPN though, so perhaps your better off building that. For ease of use perhaps build the VPN from your workstation to the network the use RDP through it,easing your connection concerns a bit.
0
 
LVL 76

Expert Comment

by:arnold
ID: 35123867
There is no need to open multiple ports for each host.  A better and more secure approach is to secure one server that will be exposed to the outside and use it as a jump box to the others.
A VPN will allow a direct connection to any host.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now