Re: Is Remote Desktop Connection Login secure over wireless?

From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 07/18/05


Date: Mon, 18 Jul 2005 10:48:14 +0200

Hi,

If I may add, just double check on Terminal server that the Encryption Level
is set to at least High.

For added security you could also add TLS to prevent e.g.
"man-in-the-middle" attacks...

How to configure a Windows Server 2003 terminal server to use TLS for server
authentication
http://support.microsoft.com/?id=895433

-- 
Mike
Microsoft MVP - Windows Security
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message 
news:%23b%23v05yiFHA.3656@TK2MSFTNGP09.phx.gbl...
> Remote Desktop establishes the tunnel before you logon.  You do not have 
> to do anything special. Just make sure you use real strong passwords on 
> your computer as others most likely attempt to logon also when they see 
> port 3389 TCP open on your computer.  I would also enable auditing of 
> logon events in Local Security Policy so that you can keep track of such. 
> If you find an abuser you could try to configure your firewall or ipsec 
> filter to block access from that persons public IP address.   --- Steve
>
>
> "Mark Findlay" <mfindlay@speakeasy.org> wrote in message 
> news:eMA8jNyiFHA.1412@TK2MSFTNGP09.phx.gbl...
>> Thanks Steve,
>>
>> Just to clarify my understanding: the "secure tunnel" you refer to - 
>> that's something that RDC creates automatically on my behalf? In other 
>> words, there are no special configurations or special connection settings 
>> I need to create on my laptop or the target PC? I only ask since I had 
>> seen some references in other postings to private VPN etc., and I don't 
>> have any of that set up. I am just using the default installations of XP 
>> on both laptop and PC.
>>
>> If there are any special configuration steps I need in order to establish 
>> the "secure tunnel", could you elaborate on those?
>>
>> Many thanks!
>> Mark
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message 
>> news:eIHF00kiFHA.2644@TK2MSFTNGP09.phx.gbl...
>>> The secure tunnel is created before you enter your credentials and even 
>>> then your password is never sent over the network. However I would never 
>>> enter my credentials on a public  kiosk computer or other computer that 
>>> I do not know is secure/clean. From your description it sounds as if you 
>>> are using your own laptop.  --- Steve
>>>
>>>
>>> "Mark Findlay" <mfindlay@speakeasy.org> wrote in message 
>>> news:%23ZSCsSkiFHA.500@TK2MSFTNGP09.phx.gbl...
>>>> Greetings experts!
>>>>
>>>> When I am using free public wireless hotspots such as coffee-houses, 
>>>> etc., the security warning indicates that the connection is not secure, 
>>>> and I understand that (essentially :)
>>>>
>>>> My question is: If I use an un-secured wireless network connection, 
>>>> then attempt to use Windows Remote Desktop Connection to connect to my 
>>>> PC at home, is the username and password I type into the Remote Desktop 
>>>> Connection settings encrypted or otherwise protected? Or am I at risk 
>>>> of hackers intercepting the login credentials I pass to RDC?
>>>>
>>>> Thanks!
>>>
>>>
>>
>
> 


Relevant Pages

  • NT4 terminal server security fix delinquency
    ... Since that time the Windows NT Server 4.0, Terminal Server Edition ... Security Roll-Up has still not been released, ... TSE Fix Status: To be release shortly ... TSE Fix Status: To be released shortly ...
    (NT-Bugtraq)
  • Re: how to secure terminal server, no software installation, and etc
    ... Your Terminal Services Security Website ... > MCSE, CCEA, Microsoft MVP - Terminal Server ... >> Server machine account to the security list of the GPO (keep the ...
    (microsoft.public.windows.terminal_services)
  • Re: redirected printer security changes wont stick
    ... After doing some more searching around, it seems that the security names ... which prints to LPT1. ... for the printer that gets created when they log into the terminal server. ... security tab) that are assigned to a redirected printer when someone logs ...
    (microsoft.public.windows.terminal_services)
  • Re: Non-Admins cant logon to 2kServer in App-Svr mode
    ... Do you know if there was a security template or anything locking down the ... You can run security configuration and analysis to determine the current ... system security settings, and reset any default settings that have been ... > I have not been able to connect to my Win2000 Terminal Server unless I use ...
    (microsoft.public.win2000.termserv.apps)
  • Re: Win XP PC at home destroyed by teenagers and KAZAA!
    ... > You may wish to try the Panda ActiveScan Free Online Scanner. ... > Symantec Security Check ... > connection settings don't include a way to turn on Windows XP's ...
    (microsoft.public.windowsxp.security_admin)