Re: How is dangerous connect to server over internet with remote deskt

---

• From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
• Date: Fri, 21 Jul 2006 15:11:09 +0200

---

Hi,

There are few things you can do to make these connections (more) secure:
- On the server set the encryption to high
- On Windows Server 2003 with SP1 installed on it you can use certificates
to prevent MITM (Man In The Middle) attacks.

Now the only thing that I usually worry about when considering RDP are key
loggers that might be installed on a computer from which you are trying to
connect to your server (e.g. if you are trying to connect to your server
from cyber café). Still this is not only the problem with RDP connection but
with any remote connection using static username and password.

So if you decide for this option pay attention to username and password (use
strong username and password and change passwords frequently). Don't use
domain administrator account for connection - use ordinary user account.
Whenever possible this user account should not even be local administrator
on the server. Once you are connected to the server you can raise your
permissions using another RDP to the server or options such as "run as" etc.

Another thing to consider is to limit IP address from which you can connect
to your server over RDP (e.g. limit it to your home IP address only).

--
Mike
Microsoft MVP - Windows Security

"Massimo" <Massimo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E85C1B9-1460-4EF8-8EFC-7FF4FD983C45@xxxxxxxxxxxxxxxx

I have installed windows server 2003 enterprise edition. I have to manage
my
server from remote site. A solution with remote desktop only is very
dangerous? Terminal service of windows server 2003 with encryption is not
secure?

Thank's

.

---

• Prev by Date: Re: Open source in the national interest
• Next by Date: email from MSN Business Operations ".NET Messenger User with Corporate Domain Address: UPDATE REQUIRED" ?SCAM?
• Previous by thread: Spyware solution
• Next by thread: Re: How is dangerous connect to server over internet with remote d
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Windows Remote Desktop ... between the server and client in addition to RDP encryption. ... On the topic of securing RDP i was wondering if anyone can help.... ... connection is difficult. ... >We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ... (Security-Basics) RE: Multiprotocol Encryption Through a Firewall ... Remote SQL Server 2000 (MSDE 2000) through a firewall with only a single ... connection to a remote SQL Server and I wanted to share the ... Encryption checkbox. ... (microsoft.public.sqlserver.connect) Re: MSKB 891957, VSS Update for Windows Server 2003 ... I left the connection sit idle and checked back in an hour. ... server and browsed around for a few minutes. ... it would seem that there is still some issue with the V6 RDP ... I left the server with user Backup logged in when I left the ... (microsoft.public.windows.server.general) Re: RDP Data Encryption Error ... If we make a remote connection to the server at work and then RDP into one ... we get this "encryption error" after a few seconds. ... the client will drop the connection ... (microsoft.public.windows.terminal_services) Re: Storing Username/Password problem ... It's set on a per-server basis, so that any incoming RDP connection to that server is logged on with the credentials specified in Terminal Services Configuration. ... (microsoft.public.windows.terminal_services)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)