Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Is RDP to server secure?

Posted on 2011-03-12
9
Medium Priority
?
887 Views
Last Modified: 2012-05-11
I am currently RDP to the server, I am wondering if this is a secure method. I heard RDP is encrypted as well. I know someone would use RDP in VPN session, is it over killing?
0
Comment
Question by:okamon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 35118332
RDP is is a secure connection. VPN is sort of overkill yes. It was designed for security. You might run it on another port than teh default 3389, but it's already encrypted.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35118407
Don't agree to all extend. RDP is somewhat secure, because some encryption is done, however that does not protect against login attacks. A VPN is more secure, if the encryption and authentication is set up reasonable. PPTP for example strictly relies on the password chosen - anything regarding encryption is based on the PPTP password. IPSec is much more secure.

However I would not take the additional configuration overhead for just using a RDP session. VPN allows full or restricted access to the remote network.

In the end it is your requirement for "security" which dictates which means to use. Do you want a secured connection when established - noone can listen to it, hijack or take over - then RDP only is sufficient. Of course login info must not be obvious - like the company name the public IP belongs to, with the same or a password easy to guess.
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 1400 total points
ID: 35118480
RDP is secure enough, unless your working Secret or Highly Sensitive. Read this from MS: http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx , of course RDP does not encryprt all information and that is explained here: http://support.microsoft.com/kb/275727

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Beginning with Windows 2000, administrators can choose to encrypt data by using a 56- or 128-bit key.

When to use VPN or RDP: http://searchenterprisedesktop.techtarget.com/tip/When-to-use-Remote-Desktop-over-VPN

The above gives you a good view on why to use which and when

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:okamon
ID: 35119654
Is authentication also encrypted with RDP? For example username and password?
I know for pptp, the authentication is not encrypted, ONLY data are encrypted after successful authentication.
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 1400 total points
ID: 35120195
RDP does encrypt authentication at 128bit, but make sure that it is set that way. You can also set your servers GPO so that you ensure encryption. Look here http://www.techrepublic.com/blog/datacenter/configure-rdp-encryption-via-group-policy-for-windows-servers/2035.
0
 

Author Comment

by:okamon
ID: 35122256
>> RDP does encrypt authentication...You can also set your servers GPO so that you ensure encryption
what's the default setting in windows 2003 and 2008?

But if I need to access many servers in my network, do you think it's a good idea to open many ports for RDP on the firewall? in this case, wouldn't it be easier if I use VPN?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35122284
Absolutely. Using more than two or three RDP targets would set the mark for me to use VPN instead. Not to mention you are not restricted to the already configured RDP targets then, and need no fiddling with the RDP ports and forwarding them.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 35122668
Your right if you are looking at trying to open lots of ports. I never open more than one computer in my network though. I RDP to one computer in my net and connect to others from than one which I have hardened. It is sounding like your really wanting to just VPN though, so perhaps your better off building that. For ease of use perhaps build the VPN from your workstation to the network the use RDP through it,easing your connection concerns a bit.
0
 
LVL 80

Expert Comment

by:arnold
ID: 35123867
There is no need to open multiple ports for each host.  A better and more secure approach is to secure one server that will be exposed to the outside and use it as a jump box to the others.
A VPN will allow a direct connection to any host.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
New style of hardware planning for Microsoft Exchange server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question