Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Remote desktop connection, configuration and security

Posted on 2011-09-12
2
Medium Priority
?
392 Views
Last Modified: 2012-05-12
HI,

To be compliant with PCI, we need to review the way we have configured Remote Desktop Protocol. We need to be using Remote Desktop Connection, with HIGH encryption level. At my organization, people use RDC when:

* Admins and users are physically outside of the network: In which case, they have to VPN to the network and then only they can remote in to the intended machine.
* Admins and users are physically on the network: In which case, they can directly start a remote session with the server.

PCI requirement is not very clear about whether we need to have high encryption level for "on-network" type of connections or this requirement is only meant for organizations allowing RDP over internet?

If you PCI better, that's great, please share !

But from technical standpoint, I also want to compare the security aspect of using RDP over the internet and RDP over VPN. Can we say RDP over VPN is quite secure ? What measures can I take to secure RDC sessions.

Thanks !
0
Comment
Question by:pratz09
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 2000 total points
ID: 36528443
The only requirement for internal traffic is that all sensitive information such as authentication credentials need to be protected, encrypting other traffic is merely recommended. RDP protects the authentication credentials and provides some level of encryption so this should not be a problem.

RDP over VPN is as secure as anything over VPN. For external RDP access I would only allow it with High or FIPS-compliant encryption, and either TLS or network-level authentication to mitigate man-in-the-middle attacks. For external access one measure that would greatly improve the security would be to restrict the addresses connections can be made from in the VPN gateway/firewall, if that's possible.
0
 

Author Closing Comment

by:pratz09
ID: 36533045
Thanks !
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question