Re: Remote Desktop Web Connection

From: Al Kazan (
Date: 10/06/04

  • Next message: Ken Schaefer: "Re: Permission to ask Active Directory"
    Date: Tue, 5 Oct 2004 15:09:08 -0700

    Thanks Mike, I thought this was the case but the
    documentation I found was vague. I am using Windows XP
    Pro. As you note risk is reducible but not eliminatable.
    >-----Original Message-----
    >RDP sessions are by default encrypted. How strong this
    encryption is depends
    >on OS and RDP client (Windows 2003 and latest client
    will by default use 128
    >bit encryption), Windows 2000 will use lower encryption.
    >Note, you will have to open TCP port 3389 to access your
    server using RDP
    >What is risk here:
    >* anyone in the world can access logon site of your
    server (unless you
    >restrict this to specific IP, but then you can't logon
    to your server from
    >anywhere in the world)
    >* if you use cybercafé or something similar someone
    could sniff information
    >that you pass from computer in cybercafé to your server
    >* ...
    >I hope this helps,
    >"Al Kazan" <> wrote
    in message
    >> If you implement Remote Desktop Web Connection as part
    >> IIS and you set up a web address via a Dynamic Hosting
    >> service you can use it to go through your local router
    >> your computer and sign on your computer from any where
    >> the world. How secure is this? When you reach your
    >> computer you must type in your password. Is this
    >> protected in any way if you choose anonymous access or
    >> can it be easily sniffed for passwords?

  • Next message: Ken Schaefer: "Re: Permission to ask Active Directory"

    Relevant Pages

    • Re: Auto-update protocol
      ... shared secret/public key is the only way to do the encryption. ... successfully decryption is the authentication. ... you can get using a generic farm server, but TFTP does not have any ... are available and forgo client polling at all ... ...
    • [NT] Multiple Vulnerabilities in HP Web JetAdmin (Read, Write, Execute, Path Disclosure, Password De
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... HP Web JetAdmin is an enterprise management system for large amounts of HP ... The web server is a modular service ... HP Web JetAdmin uses it's own encryption. ...
    • Re: Advice needed on secure remote datacenter and secure communication
      ... fair bit of time working with windows server, ... as for VPN, ... Addressing your issue with PGP encryption on sensitive files, ...
    • Re: Best way to get large files from a friend?
      ... |> people have "no reasonable expectation of privacy" with email. ... it moves from server to server to get to ... the vpn can intercept it without cracking the encryption. ... able to read people's emails unless there's a *really* good reason, ...
    • Re: Proposal for Lite Encryption for Login Form without SSL
      ... the form uses javascript to hash the password ... This way the password is not sent to the server ... This would be the equivalent to a public key in public key encryption ...