Security Basics mailing list archives

RE: RDP Security

From: "Bryan Ponnwitz" <bponnwitz () wwsport com>
Date: Sun, 11 Mar 2007 15:56:36 -0400

I believe Microsoft's answer to MITM attacks on a local LAN is to
implement IPSec on your computers.  If you implement the correct IPSec
policy, then I would say that RDP would be 100% secure.  Even if you
don't want to turn on IPSec for your whole LAN, you could create a
policy to sign traffic on port 3389 between the computers that you're
RDP'ing with and it would eliminate the possibility of MITM attacks
completely.

Bryan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Tornado
Sent: Monday, March 05, 2007 6:37 AM
To: security-basics () securityfocus com
Subject: RDP Security

Hi All,

I was just curious to know how secure is Remote Desktop Protocol on the 
local network? I know that this protocol is prone to MITM attacks.But
has 
Microsoft addressed this issue in the latest RDP client?

Thanks in advance.

----------------------------------------------------------------------
Click for  FHA loan, $0 lender fees, low rates & approvals nationwide
http://tags.bluebottle.com/fc/CAaCMPJetxFHQmpYDjxn9T2dV7G9wZV0/

Current thread:

RDP Security Tornado (Mar 06)
- Re: RDP Security Brent Gardner (Mar 06)
- Re: RDP Security WALI (Mar 07)
  - RE: RDP Security Roger A. Grimes (Mar 08)
- Message not available
  - Invisible dilemma - ARP flush WALI (Mar 12)
    - Re: Invisible dilemma - ARP flush Bryce Verdier (Mar 15)
    - Message not available
    - RE: Invisible dilemma - ARP flush WALI (Mar 23)
- RE: RDP Security Bryan Ponnwitz (Mar 12)
- <Possible follow-ups>
- Re: Re: RDP Security alegr1 (Mar 07)
  - RE: Re: RDP Security Roger A. Grimes (Mar 07)