Re: Win2k3 Web Edition, where is the protection?

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 02/03/04 

Date: Mon, 2 Feb 2004 17:20:24 -0800

:-)
No need to *** out, Bill. You said exactly what I would have anyway - RDP
traffic is encrypted by default. It's RC4, so it's not amazing crypto, but
it's better than plaintext. 

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:OqtGNFR6DHA.2380@TK2MSFTNGP10.phx.gbl...
> Interspersed:
> (and butting back out!)
> "RoChess" <anonymous@discussions.microsoft.com> wrote in message
> news:16FF7400-5054-49DD-8E98-495FDB29FB1D@microsoft.com...
> >     Hmm- you know that RDP is encrypted--RC4 128 bit between XP Pro and
> > 2k3, by default.
> >     Not that adding IPSec isn't a bad idea, but encryption is already
> > there.
>
>
> I mis-spoke.  Using the RDP client included with XP Pro or XP Home (or
> Windows Server 2003 for that matter) with a Windows Server 2003 host--the
> default encryption is RC4, 128 bit key, unless intentionally set lower at
> the host end.  In this case, XP Home and XP Pro have identical
capabilities.
>
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/remote_desktop_protocol.asp
>
> There are limitations to IPSec use in XP Home, described here:
>
>
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/sag_IPSec_Ov9.asp
>
> I'm not experienced with IPSec enough to say where your setup is
> failing--but the underlying encryption in RDP itself is definitely
> there--even without the IPSec tunnel.
>
> >
> > Hi Bill,
> >
> > Nice of you to jump in, but I kinda got used to replies from Drew, hence
> > you might have missed the fact from previous chat, that in this case, I
> > use:
> >
> >  - Windows XP Home, SP1 with everything up-to-date and tweaked to add
more
> > security
> >  - Windows Server 2003 Web Edition
> >
> > I would have used XP Pro myself, but when I bought my systems, my
> > distributor was out of Pro, so I had to settle for Home, frankly (this
> > problem aside), there isn't much I can't do with Home tho, ACLs I
control
> > via command line, and most utils that Pro has included, I use GPL
> > solutions for.
> >
> > So anyway, the reason I thought IPSec was needed, was due to the
following
> > KB article:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;816521
> >
> > Which even indicates that the article is also meant for the 'Web
Edition',
> > but I guess the real cause for it failing to work, was due to me using
XP
> > Home.
>
>