• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 66
  • Last Modified:

Is Windows Remote Desktop connection secure

We just came up with a link that would supposedly secure a Windows Remote Desktop connection (see link below)

http://www.howtogeek.com/175087/how-to-enable-and-secure-remote-desktop-on-windows/

Open in new window


We always thought that RDP was secure until we saw this link.  That means that without setting this up, the connection to the remote computer is totally open and eyes can come in and spy on.

Question,

without the setup described in the link, RDP is not secure?

If we must follow the link in order to make it secure, this has to be done in both computers?

Please advice on what to consider.

Thank you in advance.
0
rayluvs
Asked:
rayluvs
  • 4
  • 3
2 Solutions
 
pgm554Commented:
Most windows  RDP servers have an SSL certificate (3rd party or self issued) using port 443.
RDP itself is an encrypted session.
So they should be encrypted depending upon who set it up.
0
 
rayluvsAuthor Commented:
Please note, we are referring to Windows Remote Desktop, we don't use no 3rd party apps.

That sais, and besides our use of computer-to-server, we also use computer-to-computer; would this also be secured (computer-to-computer)?
0
 
Russ SuterCommented:
Peer-to-Peer RDP on Windows machines is not considered absolutely secure. I can tell you from personal experience that using it in a PCI environment causes a fail in an audit. You can make a fully secure remote desktop system if you use RDS and go through the extra steps of securing the communication using an SSL layer.

All that being said, for most practical purposes, Windows RDP, even peer-to-peer, is secure enough for most standard cases as long as you set it up to only allow more secure connections.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
rayluvsAuthor Commented:
Thanx for the info.

So to go back to our original question,

Without the setup described in the link, RDP is not secure?

If we must follow the link in order to make it secure, this has to be done in both computers?

0
 
Russ SuterCommented:
Following the instructions in the link will definitely enhance the security. However TLS 1.0 is no longer considered fully secure although to truly exploit its vulnerability requires some serious hardware. Without following the advice in the link you're at the mercy of Windows security which is basically an oxymoron.
0
 
rayluvsAuthor Commented:
Ok, that answer the first part; the; last part of the question,

so by following the link to set the additional security, should this be done in both computers?
0
 
Russ SuterCommented:
It needs to be done on each PC that will be on the receiving end of the RDP session. If you're on a computer that will never receive an RDP request then you don't need to do anything. RDP is disabled by default.
0
 
rayluvsAuthor Commented:
Thanx!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now