Home page logo
/

basics logo Security Basics mailing list archives

Re: RDP Security
From: Brent Gardner <brent.gardner () gmail com>
Date: Tue, 06 Mar 2007 14:08:36 -0700

I'm disappointed with the security Microsoft has built it to RDP.

From what I've seen the emphasis is on protecting clients from rogue
servers.  There's very little to protect servers from rogue clients.

For example, with the new version of the RDP client that ships with
Vista and is downloadable for XP and 2000, you can set clients to only
connect to servers that have a matching SSL certificate.

Somebody please correct me if I'm wrong because I really would like to
make this work, but it looks to me like you can't configure a server to
only talk to clients that have a matching certificate.  Non-certificated
clients can still connect and get a login screen.

I guess I'm not speaking to the strength of the protocol, but when I care about who gets to connect to my servers I use stunnel to send RDP sessions over an SSL/TLS tunnel.


Brent Gardner


Tornado wrote:
Hi All,

I was just curious to know how secure is Remote Desktop Protocol on the local network? I know that this protocol is prone to MITM attacks.But has Microsoft addressed this issue in the latest RDP client?

Thanks in advance.

----------------------------------------------------------------------
Click for  FHA loan, $0 lender fees, low rates & approvals nationwide
http://tags.bluebottle.com/fc/CAaCMPJetxFHQmpYDjxn9T2dV7G9wZV0/





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]