Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 897
  • Last Modified:

Is RDP to server secure?

I am currently RDP to the server, I am wondering if this is a secure method. I heard RDP is encrypted as well. I know someone would use RDP in VPN session, is it over killing?
0
okamon
Asked:
okamon
  • 4
  • 2
  • 2
  • +1
2 Solutions
 
LazarusCommented:
RDP is is a secure connection. VPN is sort of overkill yes. It was designed for security. You might run it on another port than teh default 3389, but it's already encrypted.
0
 
QlemoC++ DeveloperCommented:
Don't agree to all extend. RDP is somewhat secure, because some encryption is done, however that does not protect against login attacks. A VPN is more secure, if the encryption and authentication is set up reasonable. PPTP for example strictly relies on the password chosen - anything regarding encryption is based on the PPTP password. IPSec is much more secure.

However I would not take the additional configuration overhead for just using a RDP session. VPN allows full or restricted access to the remote network.

In the end it is your requirement for "security" which dictates which means to use. Do you want a secured connection when established - noone can listen to it, hijack or take over - then RDP only is sufficient. Of course login info must not be obvious - like the company name the public IP belongs to, with the same or a password easy to guess.
0
 
LazarusCommented:
RDP is secure enough, unless your working Secret or Highly Sensitive. Read this from MS: http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx , of course RDP does not encryprt all information and that is explained here: http://support.microsoft.com/kb/275727

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Beginning with Windows 2000, administrators can choose to encrypt data by using a 56- or 128-bit key.

When to use VPN or RDP: http://searchenterprisedesktop.techtarget.com/tip/When-to-use-Remote-Desktop-over-VPN

The above gives you a good view on why to use which and when

0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
okamonAuthor Commented:
Is authentication also encrypted with RDP? For example username and password?
I know for pptp, the authentication is not encrypted, ONLY data are encrypted after successful authentication.
0
 
LazarusCommented:
RDP does encrypt authentication at 128bit, but make sure that it is set that way. You can also set your servers GPO so that you ensure encryption. Look here http://www.techrepublic.com/blog/datacenter/configure-rdp-encryption-via-group-policy-for-windows-servers/2035.
0
 
okamonAuthor Commented:
>> RDP does encrypt authentication...You can also set your servers GPO so that you ensure encryption
what's the default setting in windows 2003 and 2008?

But if I need to access many servers in my network, do you think it's a good idea to open many ports for RDP on the firewall? in this case, wouldn't it be easier if I use VPN?
0
 
QlemoC++ DeveloperCommented:
Absolutely. Using more than two or three RDP targets would set the mark for me to use VPN instead. Not to mention you are not restricted to the already configured RDP targets then, and need no fiddling with the RDP ports and forwarding them.
0
 
LazarusCommented:
Your right if you are looking at trying to open lots of ports. I never open more than one computer in my network though. I RDP to one computer in my net and connect to others from than one which I have hardened. It is sounding like your really wanting to just VPN though, so perhaps your better off building that. For ease of use perhaps build the VPN from your workstation to the network the use RDP through it,easing your connection concerns a bit.
0
 
arnoldCommented:
There is no need to open multiple ports for each host.  A better and more secure approach is to secure one server that will be exposed to the outside and use it as a jump box to the others.
A VPN will allow a direct connection to any host.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now