Options
Is RDP without VPN safe?
I need remote access to my lab. Is RDP safe without VPN? I want to remote in to a box that is connected to my cisco gear while I'm out of town. Right now I'm using logmein, but it's kind of annoying the way it doesn't use my full desktop on the laptop (widescreen) the way that RDP would.
Climb a mountain, tell no one.
Comments
-
Options
jibbajabba
Member Posts: 4,317 ■■■■■■■■□□
Depends really. With RDP you get full desktop access if someone is able to hack your account. If you do need remote access and you want to make it as secure as possible and you cannot setup a VPN then I would change at least the RDP port to something other than 3389. Also make sure you don't map drives in your RDP session as it is nt encrypted.
What I did once to make sure that the traffic is at least encrypted is connecting to a Linux server via SSH and RDP from there to the server using an internal IP.My own knowledge base made public: http://open902.com
-
Options
undomiel
Member Posts: 2,818
Also make sure you don't map drives in your RDP session as it is nt encrypted.
Where did you find this info? I looked around and couldn't find anything that states that the redirected drives uses a different encryption level than what the client is using.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/ -
Options
Forsaken_GA
Member Posts: 4,024
Depends really. With RDP you get full desktop access if someone is able to hack your account. If you do need remote access and you want to make it as secure as possible and you cannot setup a VPN then I would change at least the RDP port to something other than 3389. Also make sure you don't map drives in your RDP session as it is nt encrypted.
What I did once to make sure that the traffic is at least encrypted is connecting to a Linux server via SSH and RDP from there to the server using an internal IP.
RDP is encrypted. I suspect you're thinking of VNC, which is not encrypted.
As of version 6, RDP uses 128bit RC4 for encryption. Every client back to XP SP2 can be patched up to use version 6. The strength of the encryption is a separate debate.
I normally don't have a problem with running RDP directly. About the only time I tunnel it through SSH is to get around a firewall restriction -
Optionsjibbajabba
Member Posts: 4,317 ■■■■■■■■□□
Where did you find this info? I looked around and couldn't find anything that states that the redirected drives uses a different encryption level than what the client is using.
Sorry, I meant RDP <5.1Forsaken_GA wrote: »RDP is encrypted. I suspect you're thinking of VNC, which is not encrypted.
As of version 6, RDP uses 128bit RC4 for encryption. Every client back to XP SP2 can be patched up to use version 6. The strength of the encryption is a separate debate.
I normally don't have a problem with running RDP directly. About the only time I tunnel it through SSH is to get around a firewall restriction
Let me re-phrase, it depends what OS he is using .. up to 5.1 it wasn't encrypted (XP), only 2003 had TLS1 I think ..My own knowledge base made public: http://open902.com -
Options
RobertKaucher
Member Posts: 4,299 ■■■■■■■■■■
Sorry, I meant RDP <5.1
Let me re-phrase, it depends what OS he is using .. up to 5.1 it wasn't encrypted (XP), only 2003 had TLS1 I think ..
I think you are confusing any encryption at all with the Network Level Authentication/Encrption provided by TLS in more recent versions. My understanding is that older versions had a weak form of encryption and were easily susceptible to man-in-the-middle attacks. -
OptionsForsaken_GA
Member Posts: 4,024
Let me re-phrase, it depends what OS he is using .. up to 5.1 it wasn't encrypted (XP), only 2003 had TLS1 I think ..
Well, if you're using an unpatched XP box on the public internet, you've got other concerns besides what version of RDP you're running
But realistically, for most users, and likely for most users on this board, RDP is going to be encrypted.
