Is Remote Desktop Connection Login secure over wireless?
Mark Findlay
When I am using free public wireless hotspots such as coffee-houses, etc.,
the security warning indicates that the connection is not secure, and I
understand that (essentially :)
My question is: If I use an un-secured wireless network connection, then
attempt to use Windows Remote Desktop Connection to connect to my PC at
home, is the username and password I type into the Remote Desktop Connection
settings encrypted or otherwise protected? Or am I at risk of hackers
intercepting the login credentials I pass to RDC?
Thanks!
Steven L Umbach
your password is never sent over the network. However I would never enter my
credentials on a public kiosk computer or other computer that I do not know
is secure/clean. From your description it sounds as if you are using your
own laptop. --- Steve
"Mark Findlay" <mfin...@speakeasy.org> wrote in message
news:%23ZSCsSk...@TK2MSFTNGP09.phx.gbl...
Mark Findlay
Just to clarify my understanding: the "secure tunnel" you refer to - that's
something that RDC creates automatically on my behalf? In other words, there
are no special configurations or special connection settings I need to
create on my laptop or the target PC? I only ask since I had seen some
references in other postings to private VPN etc., and I don't have any of
that set up. I am just using the default installations of XP on both laptop
and PC.
If there are any special configuration steps I need in order to establish
the "secure tunnel", could you elaborate on those?
Many thanks!
Mark
"Steven L Umbach" <n9...@nospam-comcast.net> wrote in message
news:eIHF00ki...@TK2MSFTNGP09.phx.gbl...
Steven L Umbach
do anything special. Just make sure you use real strong passwords on your
computer as others most likely attempt to logon also when they see port 3389
TCP open on your computer. I would also enable auditing of logon events in
Local Security Policy so that you can keep track of such. If you find an
abuser you could try to configure your firewall or ipsec filter to block
access from that persons public IP address. --- Steve
"Mark Findlay" <mfin...@speakeasy.org> wrote in message
news:eMA8jNyi...@TK2MSFTNGP09.phx.gbl...
Miha Pihler [MVP]
If I may add, just double check on Terminal server that the Encryption Level
is set to at least High.
For added security you could also add TLS to prevent e.g.
"man-in-the-middle" attacks...
How to configure a Windows Server 2003 terminal server to use TLS for server
authentication
http://support.microsoft.com/?id=895433
--
Mike
Microsoft MVP - Windows Security
"Steven L Umbach" <n9...@nospam-comcast.net> wrote in message
news:%23b%23v05yi...@TK2MSFTNGP09.phx.gbl...
Steven L Umbach
XP Pro [home pc mentioned]. If that is the case he still could use local
Group Policy to make sure default high encryption is enforced by going to
computer configuration/administrative templates/Windows components/terminal
services/encryption and security. --- Steve
"Miha Pihler [MVP]" <mihap...@atlantis.si> wrote in message
news:uby9wV3i...@TK2MSFTNGP09.phx.gbl...
Mark Findlay
For anyone else reading, I also changed the default port that RDC listens on
so that hackers trying 3389 would fail.
Thanks!
Mark
"Steven L Umbach" <n9...@nospam-comcast.net> wrote in message
news:eWZCPk3i...@TK2MSFTNGP15.phx.gbl...
Chris Weber [Security MVP]
vulnerable to a Denial of Service attack.
http://www.microsoft.com/technet/security/advisory/904797.mspx
This doesn't have anything to do with wireless, over which you are just as
secure as any other medium. However, you'll want to know about this.
Chris
"Mark Findlay" <mfin...@speakeasy.org> wrote in message
news:esNQpM$iFHA...@tk2msftngp13.phx.gbl...