Security Basics mailing list archives

Re: Remote Desktop vs VPN on Windows 2003


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 17 Jan 2005 18:51:51 +0100

On 2005-01-14 Roger A. Grimes wrote:
> I can think of NO reason not to use Remote Desktop.  Remote Desktop is
> fast and secure.

Fast: yes. But secure? AFAIK terminal services use RC4 for encryption,
which has been known to be weak for quite a few years now. Better set up an
SSH server and establish the RDP session through an SSH tunnel. That's
easy to set up, easy to use and secure as well.

> Everything is encrypted past the logon name. To get additional
> security assurance, change the default TCP port from 3389 to something
> randomly high...like 58645 (which you can do with a regedit on the
> server...just google it).  Then add the new port number to your server
> address...like www.example.com:58645.

Switching ports is just adding obscurity, not security.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

