Security Basics mailing list archives
Re: RDP Security
From: Brent Gardner <brent.gardner () gmail com>
Date: Tue, 06 Mar 2007 14:08:36 -0700
I'm disappointed with the security Microsoft has built it to RDP. From what I've seen the emphasis is on protecting clients from rogue servers. There's very little to protect servers from rogue clients. For example, with the new version of the RDP client that ships with Vista and is downloadable for XP and 2000, you can set clients to only connect to servers that have a matching SSL certificate. Somebody please correct me if I'm wrong because I really would like to make this work, but it looks to me like you can't configure a server to only talk to clients that have a matching certificate. Non-certificated clients can still connect and get a login screen.I guess I'm not speaking to the strength of the protocol, but when I care about who gets to connect to my servers I use stunnel to send RDP sessions over an SSL/TLS tunnel.
Brent Gardner Tornado wrote:
Hi All,I was just curious to know how secure is Remote Desktop Protocol on the local network? I know that this protocol is prone to MITM attacks.But has Microsoft addressed this issue in the latest RDP client?Thanks in advance. ---------------------------------------------------------------------- Click for FHA loan, $0 lender fees, low rates & approvals nationwide http://tags.bluebottle.com/fc/CAaCMPJetxFHQmpYDjxn9T2dV7G9wZV0/
Current thread:
- RDP Security Tornado (Mar 06)
- Re: RDP Security Brent Gardner (Mar 06)
- Re: RDP Security WALI (Mar 07)
- RE: RDP Security Roger A. Grimes (Mar 08)
- Message not available
- Invisible dilemma - ARP flush WALI (Mar 12)
- Re: Invisible dilemma - ARP flush Bryce Verdier (Mar 15)
- Message not available
- RE: Invisible dilemma - ARP flush WALI (Mar 23)
- Invisible dilemma - ARP flush WALI (Mar 12)
- <Possible follow-ups>
- Re: Re: RDP Security alegr1 (Mar 07)
- RE: Re: RDP Security Roger A. Grimes (Mar 07)