Jump to content

How secure is this implementation?

Guest Chris

By Guest Chris
May 19, 2008 in Windows NT Server

Share

https://extremetechsupport.com/topic/93355-how-secure-is-this-implementation/

Recommended Posts

Guest Chris

Guest Chris

Posted May 19, 2008

Posted May 19, 2008

I'm working on a project for a not-for-profit organization. I've been

provided with a W2K3 server at a hosting company. I'm the administrator of

the server.

The server is in its own workgroup (i.e., non-AD) configuration. The server

is not behind any type of hardware firewall; there is no VPN in place, either.

I connect to the server from the Vista PC in my home office via RDP using an

extremely long and complex password. I also connect to the server from my

Windows XP SP2 laptop. I believe I have the newest version of the RDP client

on both clients. I installed SP2 and all of the latest updates on the server.

I have the Windows Firewall on the server configured to only respond to RDP

(i.e., port 3389) traffic originating from the static IP address of my home

office.

How secure is this implementation? Is RDP traffic secure enough to prevent

someone from 'sniffing' and exploiting my credentials? Since there is no SSL

or VPN in place, is RDP traffic (especially the login process) sufficiently

encrypted?

The article "Hacking RDP" and the readers' comments

(http://mcpmag.com/columns/article.asp?EditorialsID=1699) indicate that using

RDP in this fashion is relatively safe--but I don't want to rely on just that

reference! Thanks.

Top Posters In This Topic

1

Popular Days

Top Posters In This Topic

Nico1731095028 1 post

Popular Days

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted May 19, 2008

Posted May 19, 2008

Re: How secure is this implementation?

Chris <cwaters@newsgroup.nospam> wrote:

> I'm working on a project for a not-for-profit organization. I've been

> provided with a W2K3 server at a hosting company. I'm the

> administrator of the server.

>

> The server is in its own workgroup (i.e., non-AD) configuration. The

> server is not behind any type of hardware firewall; there is no VPN

> in place, either.

>

> I connect to the server from the Vista PC in my home office via RDP

> using an extremely long and complex password. I also connect to the

> server from my Windows XP SP2 laptop. I believe I have the newest

> version of the RDP client on both clients. I installed SP2 and all of

> the latest updates on the server.

>

> I have the Windows Firewall on the server configured to only respond

> to RDP (i.e., port 3389) traffic originating from the static IP

> address of my home office.

>

> How secure is this implementation? Is RDP traffic secure enough to

> prevent someone from 'sniffing' and exploiting my credentials? Since

> there is no SSL or VPN in place, is RDP traffic (especially the login

> process) sufficiently encrypted?

>

> The article "Hacking RDP" and the readers' comments

> (http://mcpmag.com/columns/article.asp?EditorialsID=1699) indicate

> that using RDP in this fashion is relatively safe--but I don't want

> to rely on just that reference! Thanks.

Yeesh. I would never want to rely only on the Windows firewall for

this....that's true regardless of TS. They really need some sort of

perimeter device. Even a cheap and cheerful Netgear or Linksys firewall

appliance would be better.

Guest Frane

Guest Frane

Posted May 19, 2008

Posted May 19, 2008

Re: How secure is this implementation?

As it is hosted terminal server I think there is now way to implement third

party FW device in front of that server.

Regarding windows firewall security it is Firewall software with filters

applied only to incoming traffic. It is not state of the art software like

some third parety appliation, but it does its job, protecting computer from

outside world. Keep your server clean inside and it will be OK.

Regarding RDP security you can use encryption to protect the data that

travels between the terminal server and the terminal services client. If

you fear unauthorized interception of the data as it travels between the

two, you should enable encryption. RSA RC4 algorith is used.

You can check extra info here

http://www.windowsecurity.com/articles/Windows_Terminal_Services.html

--

____________________________________

Frane Borozan

Terminal Services and Citrix Presentation Server user logging

http://www.terminalserviceslog.com

2 weeks later...

Nico1731095028

Newbie

Nico1731095028

Posted May 30, 2008

Posted May 30, 2008

Re: How secure is this implementation?

There are also things you can do on the coding end of things as an administrator to make sure users don't manipulate their privileges. You might be able to pick up some tips here: HelloSecureWorld

Share

https://extremetechsupport.com/topic/93355-how-secure-is-this-implementation/

Go to topic listing

Similar Content
- "Not Implemented" when clicking on photos in Windows Explorer
  
  By Guest Danielnrg, October 31, 2024
  - 0 replies
  - 33 views
  - Guest
  - October 31, 2024
- Essential Planning and Implementation Strategies for AI Integration
  
  By Guest Industry Perspectives, October 15, 2024
  - 0 replies
  - 25 views
  - Guest
  - October 15, 2024
- How can download Windows security on my HP.
  
  By Guest Stéphane AGBAKOU, October 31, 2024
  - 0 replies
  - 43 views
  - Guest
  - October 31, 2024
- How to troubleshoot 521 Events in Windows Security Log
  
  By Guest Kel Koop, October 27, 2024
  - 0 replies
  - 30 views
  - Guest
  - October 27, 2024
- LAPS Implementation - Warning (10108) showing on clients (msLAPSCurrentPasswordVersion attribute has not been added to the Active Directory Schema)
  
  By Guest /u/k1m404, October 27, 2024
  - 0 replies
  - 22 views
  - Guest
  - October 27, 2024

×

Browse
- Back
- Forums
- Resources
- Downloads
- Link Directory
- Online Users
- Staff
- Blogs
- Events
- Videos
- Leaderboard
Activity
- Back
- All Activity
- Search
- Our Picks
Site Info
Support

×

Create New...