Is RDP without VPN safe?

I need remote access to my lab. Is RDP safe without VPN? I want to remote in to a box that is connected to my cisco gear while I'm out of town. Right now I'm using logmein, but it's kind of annoying the way it doesn't use my full desktop on the laptop (widescreen) the way that RDP would.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

jibbajabba

Depends really. With RDP you get full desktop access if someone is able to hack your account. If you do need remote access and you want to make it as secure as possible and you cannot setup a VPN then I would change at least the RDP port to something other than 3389. Also make sure you don't map drives in your RDP session as it is nt encrypted.

What I did once to make sure that the traffic is at least encrypted is connecting to a Linux server via SSH and RDP from there to the server using an internal IP.

undomiel

Gomjaba wrote: »

Also make sure you don't map drives in your RDP session as it is nt encrypted.

Where did you find this info? I looked around and couldn't find anything that states that the redirected drives uses a different encryption level than what the client is using.

Forsaken_GA

Gomjaba wrote: »

Depends really. With RDP you get full desktop access if someone is able to hack your account. If you do need remote access and you want to make it as secure as possible and you cannot setup a VPN then I would change at least the RDP port to something other than 3389. Also make sure you don't map drives in your RDP session as it is nt encrypted.

What I did once to make sure that the traffic is at least encrypted is connecting to a Linux server via SSH and RDP from there to the server using an internal IP.

RDP is encrypted. I suspect you're thinking of VNC, which is not encrypted.

As of version 6, RDP uses 128bit RC4 for encryption. Every client back to XP SP2 can be patched up to use version 6. The strength of the encryption is a separate debate.

I normally don't have a problem with running RDP directly. About the only time I tunnel it through SSH is to get around a firewall restriction

jibbajabba

undomiel wrote: »

Where did you find this info? I looked around and couldn't find anything that states that the redirected drives uses a different encryption level than what the client is using.

Sorry, I meant RDP <5.1

Forsaken_GA wrote: »

RDP is encrypted. I suspect you're thinking of VNC, which is not encrypted.

As of version 6, RDP uses 128bit RC4 for encryption. Every client back to XP SP2 can be patched up to use version 6. The strength of the encryption is a separate debate.

I normally don't have a problem with running RDP directly. About the only time I tunnel it through SSH is to get around a firewall restriction

Let me re-phrase, it depends what OS he is using .. up to 5.1 it wasn't encrypted (XP), only 2003 had TLS1 I think ..

RobertKaucher

Gomjaba wrote: »

Sorry, I meant RDP <5.1

Let me re-phrase, it depends what OS he is using .. up to 5.1 it wasn't encrypted (XP), only 2003 had TLS1 I think ..

I think you are confusing any encryption at all with the Network Level Authentication/Encrption provided by TLS in more recent versions. My understanding is that older versions had a weak form of encryption and were easily susceptible to man-in-the-middle attacks.

Forsaken_GA

Gomjaba wrote: »

Let me re-phrase, it depends what OS he is using .. up to 5.1 it wasn't encrypted (XP), only 2003 had TLS1 I think ..

Well, if you're using an unpatched XP box on the public internet, you've got other concerns besides what version of RDP you're running

But realistically, for most users, and likely for most users on this board, RDP is going to be encrypted.