Microsoft’s RDP protocol is used extensively throughout the world, in many organisations as well as by SOHO and home users. However, some people say things like "it’s fine from a security standpoint because it’s encrypted". Well, yes, it is encrypted, but:
- Server authentication – RDP on its own does not authenticate the terminal server to the client, so the client has no way to verify that it is talking to the intended server
- Password-guessing tools such as TSGrinder/TSCrack can be used against the logon prompt
To mitigate this weakness you can use TLS/SSL over RDP, which also increases the encryption level. In addition, Microsoft now supports FIPS-compliant encryption levels with Windows Server 2003 SP1/SP2, Windows XP SP2, Windows Vista and, when it is released, Windows Server Longhorn. You can also configure client computers with the trusted certificate so that they are the only devices allowed to connect.
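As an added example (not part of the original post or of the Microsoft procedures linked below), the following PowerShell script audits the terminal server’s RDP-Tcp listener for the three things this post is about: whether the security layer is TLS/SSL (so clients can authenticate the server), whether the minimum encryption level is High or FIPS, and whether a certificate is actually bound to the listener. It assumes an administrative PowerShell session on the terminal server, and it assumes the standard registry location and value names for the RDP-Tcp WinStation (`SecurityLayer`, `MinEncryptionLevel`, `SSLCertificateSHA1Hash`); the numeric meanings used in the lookup tables are Microsoft’s documented ones, but check them against your own server’s Terminal Services configuration tool before relying on the script.

```powershell
# Added example: audit (and optionally harden) the RDP-Tcp listener's TLS and encryption settings.
# Assumption: standard Terminal Services registry path and value names; run as an administrator.

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Documented meanings of the SecurityLayer and MinEncryptionLevel DWORDs.
$securityLayerNames = @{
    0 = 'RDP Security Layer (no server authentication)'
    1 = 'Negotiate'
    2 = 'SSL/TLS'
}
$encryptionLevelNames = @{
    1 = 'Low'
    2 = 'Client Compatible'
    3 = 'High'
    4 = 'FIPS Compliant'
}

function Get-RdpListenerSecurity {
    # Read the listener's current settings and render them as a single object.
    $props = Get-ItemProperty -Path $rdpTcp
    $layer = [int]$props.SecurityLayer
    $level = [int]$props.MinEncryptionLevel
    # SSLCertificateSHA1Hash is REG_BINARY; format it as a hex thumbprint if present.
    $thumbprint = if ($props.SSLCertificateSHA1Hash) {
        ($props.SSLCertificateSHA1Hash | ForEach-Object { $_.ToString('X2') }) -join ''
    } else {
        '(none bound)'
    }
    [pscustomobject]@{
        SecurityLayer         = $layer
        SecurityLayerName     = $securityLayerNames[$layer]
        MinEncryptionLevel    = $level
        EncryptionLevelName   = $encryptionLevelNames[$level]
        CertificateThumbprint = $thumbprint
    }
}

function Test-RdpListenerSecurity {
    # Return a list of findings; an empty list means the listener matches the post's recommendations.
    param([switch]$RequireFips)
    $s = Get-RdpListenerSecurity
    $findings = @()
    if ($s.SecurityLayer -ne 2) {
        $findings += "SecurityLayer is '$($s.SecurityLayerName)'; set it to 2 (SSL/TLS) so clients can authenticate the server."
    }
    $required = if ($RequireFips) { 4 } else { 3 }
    if ($s.MinEncryptionLevel -lt $required) {
        $findings += "MinEncryptionLevel is '$($s.EncryptionLevelName)'; raise it to $($encryptionLevelNames[$required])."
    }
    if ($s.CertificateThumbprint -eq '(none bound)') {
        $findings += 'No certificate is bound to the listener (SSLCertificateSHA1Hash missing); TLS server authentication cannot work without one.'
    }
    return $findings
}

function Set-RdpListenerSecurity {
    # Apply the hardened values. Binding the certificate itself is left to the KB 895433 procedure,
    # because the thumbprint depends on the certificate you have issued to this server.
    param([switch]$RequireFips)
    Set-ItemProperty -Path $rdpTcp -Name SecurityLayer -Value 2 -Type DWord
    Set-ItemProperty -Path $rdpTcp -Name MinEncryptionLevel -Value $(if ($RequireFips) { 4 } else { 3 }) -Type DWord
}

# Usage: report the current state, then list anything that still needs fixing.
Get-RdpListenerSecurity | Format-List
$findings = Test-RdpListenerSecurity -RequireFips
if ($findings.Count -eq 0) { 'RDP-Tcp listener is configured for TLS with FIPS-level encryption.' } else { $findings }
```

Changes to the listener take effect for new connections, so existing sessions are not affected until they reconnect. The client-side half of the mitigation is separate: the RDP 6.0 client (KB 925876 below) can be told to refuse connections when server authentication fails by setting `authentication level:i:2` in the .rdp file, which is what turns the server’s TLS certificate into a real check rather than a warning the user can click through.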
Listed below are links for further research and step-by-step procedures, so you can start to implement this today!
- Microsoft KB 895433 – How to configure a Windows Server 2003 terminal server to use TLS for server authentication
- Microsoft Technet article – Configuring authentication and encryption
- Windowsecurity.com – How to secure remote desktop connections using TLS/SSL based authentication
- Microsoft KB925876 – A Remote Desktop Connection 6.0 client update is available
- Techrepublic – Connect securely to Windows Vista Remote Desktop
Secure RDP with WS2003 and Vista