Re: RDP and encryption




"Taibear ios" <Taibear@xxxxxxx> wrote in message news:4710b151@xxxxxxxxxxxxxxxxxxxxxxxx
one more question...

IF I was able to use Vista Ultimate as the RDP host and Vista premium as the Client,
would this result in a more secure-encrypted session?


thanks


"Taibear ios" <Taibear@xxxxxxx> wrote in message news:4710b044@xxxxxxxxxxxxxxxxxxxxxxxx
Hello, I want to know how much or how I can configure XPSP2 Pro (HOST) to Vista (client) to have
an ENCRYPTED RDP session. I found this page http://support.microsoft.com/kb/275727
But it's not clear...

so my questions are:

Is RDP already encrypted and to what level?
Must I change anything on the RDP server (XPSP2 Pro) or client (Vista Premium Home) to get better encryption?
Is VNC (like ultraVNC) better encrypted than RDP?

basically I want to know if someone (anyone) can intercept the data stream of the RDP session and
see what the user is doing...

thank you





The entire Remote Desktop (RDP) session is encrypted by default at 128 bits. If a client like a PocketPC, which can only do 64-bit encryption, connects, then that is what the session will be at. So I always recommend configuring the RDP host PC to only allow connections using "high" encryption versus "client compatible". That is configured using a group policy setting.

http://theillustratednetwork.mvps.org/RemoteDesktop/RDP6ConfigRecommendations.html

The big difference connecting a Vista-2-Vista Remote Desktop session versus a Vista-2-XP session is the use of Network Level Authentication (NLA) which is not available for XP. NLA will help prevent man-in-the-middle attacks.

It goes without saying that you should use a strong password.

http://www.microsoft.com/protect/yourself/password/checker.mspx

I also limit access to my Vista and XP Pro desktops with Remote Desktop to my normal standard/limited user accounts. I disable access to my administrator account. In this example my normal admin account is called root (original eh...) and cannot access my desktop via Remote Desktop.

http://theillustratednetwork.mvps.org/Vista/RDP/NoAdminUserLogintoRDP.jpg

Some folks, including myself, also only run Remote Desktop through a VPN or Secure Shell (SSH) tunnel. I like SSH because I can use a 4096-bit RSA private/public key pair protected by a strong password for authentication versus a password only (strong or otherwise). Another advantage of a VPN or SSH tunnel is you can access multiple desktops through the tunnel without needing to open multiple ports.

http://theillustratednetwork.mvps.org/Ssh/SecureShell.html

Remember, if you are accessing an XP Pro/MCE machine from a Vista machine, you need to configure the Vista RDP client like this...

http://theillustratednetwork.mvps.org/ScreenShots/XP/RDP6-XPClientSettings.jpg

FWIW, I have always found the Remote Desktop is much faster and more responsive than VNC (any flavor). As always YMMV...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375
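
Added example (not part of the original post or the pages it links to): a PowerShell check, run on the RDP host, of the two host-side settings the reply discusses, the minimum encryption level ("high" versus "client compatible") and Network Level Authentication. The registry keys and value names are the standard Terminal Services ones; the function names `Get-RdpSetting` and `Test-RdpHardening` are hypothetical.

```powershell
# Added example: audit an RDP host's minimum encryption level and NLA setting.
# Get-RdpSetting and Test-RdpHardening are hypothetical helper names.

$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# MinEncryptionLevel values as used by Terminal Services
$LevelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RdpSetting {
    param([string]$Name)
    # A group policy value, when present, takes precedence over the listener's own value.
    foreach ($key in $PolicyKey, $ListenerKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
    }
    return $null   # not configured in either location
}

function Test-RdpHardening {
    # Parameters are left untyped so that $null ("not configured") is preserved.
    param($MinEncryptionLevel, $UserAuthentication)
    $findings = @()
    if ($null -eq $MinEncryptionLevel) {
        $findings += 'MinEncryptionLevel is not configured; set it explicitly to High.'
    } elseif ($MinEncryptionLevel -lt 3) {
        $name = $LevelNames[[int]$MinEncryptionLevel]
        $findings += "Encryption level is '$name'; weaker clients can lower the session strength."
    }
    # UserAuthentication = 1 means the host requires NLA (not available on XP hosts).
    if ($UserAuthentication -ne 1) {
        $findings += 'Network Level Authentication is not required by this host.'
    }
    return $findings
}

$level    = Get-RdpSetting 'MinEncryptionLevel'
$nla      = Get-RdpSetting 'UserAuthentication'
$findings = @(Test-RdpHardening -MinEncryptionLevel $level -UserAuthentication $nla)

if ($findings.Count -eq 0) {
    'OK: host requires High (or FIPS) encryption and NLA.'
} else {
    $findings
}
```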
