
Guide for Secure communication between client and TS



Guest Goku 316
Posted

We have 2 TS farms both containing 2003 sp2 servers.

For the general part the clients are outsiders with windows xp and higher.

Also Mac clients are connected with the old and new rdp software from mactopia website.

 

Worried about secure communication between the server and the clients. Want to avoid DoS attacks, dictionary password cracking as well as man in the middle scenarios.

 

As it stands the Encryption level (in RDP-TCP properties) is set to “Client Compatible”.

Will setting the encryption level to high be enough to be safe? It is 128 bit encryption.

 

(I am aware of the SSL cert setup but trying to avoid this since the clients are all outsiders and applying the cert to each computer is a killer.)

 

Thanks in advance.

 

--

Goku 316

Guest Eugene Sukhodolin
Posted

Re: Guide for Secure communication between client and TS

 

> Worried about secure communication between the server and the clients. Want to avoid DoS attacks, dictionary password cracking as well as man in the middle scenarios.

 

MITM attacks can only be prevented by the SSL/TLS mode. Native RDP encryption modes are vulnerable to MITM.

> As it stands the Encryption level (in RDP-TCP properties) is set to “Client Compatible”.
> Will setting the encryption level to high be enough to be safe? It is 128 bit encryption.

 

You need to set "High" or "FIPS". But I'm not sure if Mac clients support FIPS.

> (I am aware of the SSL cert setup but trying to avoid this since the clients are all outsiders and applying the cert to each computer is a killer.)

 

Actually, SSL/TLS is the safest mode.

 

--

Sincerely,

Eugene Sukhodolin

CTO, TSFactory Inc.

http://www.tsfactory.com
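
Added example, not part of the original post or of any vendor tool: whether a Terminal Server ends up on TLS or on native RDP encryption is decided in the first X.224 exchange, so an administrator can read the answer straight from the server's Connection Confirm. The sketch below builds the request that asks for TLS and parses the reply; the byte layout follows MS-RDPBCGR, the function names are hypothetical, and the sample responses are constructed rather than captured.

```python
import struct

# RDP negotiation protocol identifiers and message types (per MS-RDPBCGR).
PROTOCOLS = {0x0: "Standard RDP Security", 0x1: "TLS", 0x2: "CredSSP over TLS"}
TYPE_NEG_REQ, TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x01, 0x02, 0x03

def build_connection_request(requested=0x1):
    """X.224 Connection Request carrying an RDP_NEG_REQ (default: ask for TLS)."""
    neg_req = struct.pack("<BBHI", TYPE_NEG_REQ, 0, 8, requested)
    # X.224 CR: code 0xE0, dst-ref, src-ref, class 0. LI counts the bytes after it.
    x224 = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req
    x224 = bytes([len(x224)]) + x224
    # TPKT header: version 3, reserved 0, total length big-endian.
    return struct.pack(">BBH", 3, 0, len(x224) + 4) + x224

def parse_connection_confirm(data):
    """Return (description, tls_confirmed) for an X.224 Connection Confirm."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT/X.224 PDU")
    if struct.unpack(">H", data[2:4])[0] != len(data) or data[5] & 0xF0 != 0xD0:
        raise ValueError("not a complete Connection Confirm")
    body = data[11:]  # bytes after TPKT (4) + fixed X.224 CC header (7)
    if not body:
        # No negotiation data: server only speaks native RDP encryption.
        return PROTOCOLS[0x0], False
    if len(body) != 8:
        raise ValueError("malformed negotiation data")
    kind, _flags, length, value = struct.unpack("<BBHI", body)
    if length != 8 or kind not in (TYPE_NEG_RSP, TYPE_NEG_FAILURE):
        raise ValueError("unexpected negotiation structure")
    if kind == TYPE_NEG_FAILURE:
        return "negotiation failed (code %d)" % value, False
    # Unknown protocol values are reported but not counted as confirmed TLS.
    return PROTOCOLS.get(value, "unknown (0x%x)" % value), value in (0x1, 0x2)

# Constructed sample responses (not captured from a real server).
SAMPLE_TLS = bytes.fromhex("030000130ed00000123400" "0200080001000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")
SAMPLE_REFUSED = bytes.fromhex("030000130ed00000123400" "0300080002000000")

if __name__ == "__main__":
    for name, pdu in [("tls", SAMPLE_TLS), ("legacy", SAMPLE_LEGACY),
                      ("refused", SAMPLE_REFUSED)]:
        print(name, parse_connection_confirm(pdu))
```

A server that selects TLS here still only protects against a man in the middle when the client validates the certificate it is shown, which is the point the rest of the thread turns on.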

Guest Goku 316
Posted

Re: Guide for Secure communication between client and TS

 

Thank you for your response!

 

My question then is that if I get a cert from Verisign will the client automatically get the cert installed since Verisign Root certs are shipped with almost all operating systems?

 

The clients all work from home so that is why I am asking. We will have to guide 100+ clients on how to preinstall the cert if needed. However with a Verisign cert it may make it easier.

 

I am applying the same principle as I did with the SSL setup with outlook web access.

Our consultant gave us a cert from another non famous dealer but it was hell. I obtained one from Verisign and it was a smooth setup.

 

I really appreciate your prompt response.

 

--

Goku 316

 

 

"Eugene Sukhodolin" wrote:

> > Worried about secure communication between the server and the clients. Want to avoid DoS attacks, dictionary password cracking as well as man in the middle scenarios.
>
> MITM attacks can only be prevented by the SSL/TLS mode. Native RDP encryption modes are vulnerable to MITM.
>
> > As it stands the Encryption level (in RDP-TCP properties) is set to “Client Compatible”.
> > Will setting the encryption level to high be enough to be safe? It is 128 bit encryption.
>
> You need to set "High" or "FIPS". But I'm not sure if Mac clients support FIPS.
>
> > (I am aware of the SSL cert setup but trying to avoid this since the clients are all outsiders and applying the cert to each computer is a killer.)
>
> Actually, SSL/TLS is the safest mode.
>
> --
> Sincerely,
> Eugene Sukhodolin
> CTO, TSFactory Inc.
> http://www.tsfactory.com

  • 2 months later...
Guest austbear
Posted

Re: Guide for Secure communication between client and TS

 

If you get a certificate from a well-known CA such as Verisign then there is a 99.9% chance that you don't have to install the certificate manually on the clients. If you have configured your Outlook Web Access then the process is very similar (in fact you may use the same certificate if you want to Remote Desktop to the same server).

 

"Goku 316" wrote:

> Thank you for your response!
>
> My question then is that if I get a cert from Verisign will the client automatically get the cert installed since Verisign Root certs are shipped with almost all operating systems?
>
> The clients all work from home so that is why I am asking. We will have to guide 100+ clients on how to preinstall the cert if needed. However with a Verisign cert it may make it easier.
>
> I am applying the same principle as I did with the SSL setup with outlook web access.
> Our consultant gave us a cert from another non famous dealer but it was hell. I obtained one from Verisign and it was a smooth setup.
>
> I really appreciate your prompt response.
>
> --
> Goku 316
>
> "Eugene Sukhodolin" wrote:
>
> > > Worried about secure communication between the server and the clients. Want to avoid DoS attacks, dictionary password cracking as well as man in the middle scenarios.
> >
> > MITM attacks can only be prevented by the SSL/TLS mode. Native RDP encryption modes are vulnerable to MITM.
> >
> > > As it stands the Encryption level (in RDP-TCP properties) is set to “Client Compatible”.
> > > Will setting the encryption level to high be enough to be safe? It is 128 bit encryption.
> >
> > You need to set "High" or "FIPS". But I'm not sure if Mac clients support FIPS.
> >
> > > (I am aware of the SSL cert setup but trying to avoid this since the clients are all outsiders and applying the cert to each computer is a killer.)
> >
> > Actually, SSL/TLS is the safest mode.
> >
> > --
> > Sincerely,
> > Eugene Sukhodolin
> > CTO, TSFactory Inc.
> > http://www.tsfactory.com

