Well, Remote Desktop is fairly secure by itself. It is encrypted
traffic, and using local group policies, you can encrypt it up to
256bit. Only the username is passed in cleartext for transmission. The
password and everything else seems to be encrypted.
Still, if it is open to the Internet, it can be exploited. I think
with an administrator account, you have 6 tries, and then a lockout
occurs for 30 minutes, and then you can try again. So, a brute force
attack, although slow, could prove effective. You can set this with
group policy as well. While you are at it, enforce strong complexity
requirements (at least 6 characters, 3 out of 4 conditions must be met
[uppercase, lowercase, special character, number]).
I have always read that a better method is to tunnel RDP either
through VPN, or through SSH. In either case, they provide an
additional layer of security that stops everyone from trying to get
into the system, and further stops everyone from seeing the remote
desktop login.
On 10/21/05, cc <cc@belfordhk.com> wrote:
Dear All,
The company I work with recently required a remote desktop access and
to keep the budget down, I used a XP Pro system to receive only one
Remote Desktop user.
Since this requires the opening up of a port on the firewall,
I'm quite concerned. I have limited the system to only one or
two users who can log on. Since this is my initial foray
into the remote desktop client (in the past, we used PCAnywhere,
but it's getting more and more expensive(hard to justify
purchasing a license for each system).
In what ways can I protect the remote desktop system from
being broken into? (Well, aside from shutting it down.)
Any pointers appreciated.
Edmund
