Re: remote desktop question

From: Alloishus BeauMains (all0i5hu5_at_gmail.com)
Date: 10/22/05

  • Next message: Benjamin Fogel: "RE: VAN" 
    Date: Fri, 21 Oct 2005 22:10:11 -0500
To: cc <cc@belfordhk.com>

    Well, Remote Desktop is fairly secure by itself. It is encrypted
    traffic, and using local group policies, you can encrypt it up to
    256bit. Only the username is passed in cleartext for transmission. The
    password and everything else seems to be encrypted.

    Still, if it is open to the Internet, it can be exploited. I think
    with an administrator account, you have 6 tries, and then a lockout
    occurs for 30 minutes, and then you can try again. So, a brute force
    attack, although slow, could prove effective. You can set this with
    group policy as well. While you are at it, enforce strong complexity
    requirements (at least 6 characters, 3 out of 4 conditions must be met
    [uppercase, lowercase, special character, number]).

    I have always read that a better method is to tunnel RDP either
    through VPN, or through SSH. In either case, they provide an
    additional layer of security that stops everyone from trying to get
    into the system, and further stops everyone from seeing the remote
    desktop login.

    On 10/21/05, cc <cc@belfordhk.com> wrote:
    > Dear All,
    >
    > The company I work with recently required a remote desktop access and
    > to keep the budget down, I used a XP Pro system to receive only one
    > Remote Desktop user.
    >
    > Since this requires the opening up of a port on the firewall,
    > I'm quite concerned. I have limited the system to only one or
    > two users who can log on. Since this is my initial foray
    > into the remote desktop client (in the past, we used PCAnywhere,
    > but it's getting more and more expensive(hard to justify
    > purchasing a license for each system).
    >
    > In what ways can I protect the remote desktop system from
    > being broken into? (Well, aside from shutting it down.)
    >
    > Any pointers appreciated.
    >
    > Edmund
    >
    >
    >
    >

  • Next message: Benjamin Fogel: "RE: VAN"

    Relevant Pages

    • Re: How to remote access without forcing off logged-on user?
      ... How about using Netmeeting rather than Remote Desktop? ... *** Encrypt your Internet usage with a free VPN account from ...
      (microsoft.public.windowsxp.general)
    • Re: Windows Server 2008 TS Error.
      ... you need to add the users to the Remote Desktop User group that is local to the terminal server. ...
      (microsoft.public.windows.terminal_services)
    • Re: How to LOG Remote Desktop Session?
      ... it will log your interactive sessions). ... Jeffrey Randow (Windows Net. ... >they have run, to log the remote desktop user in general, ...
      (microsoft.public.windowsxp.work_remotely)
    • Re: How to LOG Remote Desktop Session?
      ... You can log logon successes and failures in the ... it will log your interactive sessions). ... >>Is it possible to LOG all actions from a remote desktop ...
      (microsoft.public.windowsxp.work_remotely)
    • RE: remote desktop question
      ... howto on RDP over ssh tunneling. ... Ever wonder why the mstsc.exe client won't let you connect to localhost? ... > Remote Desktop user. ...
      (Security-Basics)