How secure is this implementation?

C

Chris

I'm working on a project for a not-for-profit organization. I've been
provided with a W2K3 server at a hosting company. I'm the administrator of
the server.

The server is in its own workgroup (i.e., non-AD) configuration. The server
is not behind any type of hardware firewall; there is no VPN in place, either.

I connect to the server from the Vista PC in my home office via RDP using an
extremely long and complex password. I also connect to the server from my
Windows XP SP2 laptop. I believe I have the newest version of the RDP client
on both clients. I installed SP2 and all of the latest updates on the server.

I have the Windows Firewall on the server configured to only respond to RDP
(i.e., port 3389) traffic originating from the static IP address of my home
office.

How secure is this implementation? Is RDP traffic secure enough to prevent
someone from 'sniffing' and exploiting my credentials? Since there is no SSL
or VPN in place, is RDP traffic (especially the login process) sufficiently
encrypted?

The article "Hacking RDP" and the readers' comments
(http://mcpmag.com/columns/article.asp?EditorialsID=1699) indicate that using
RDP in this fashion is relatively safe--but I don't want to rely on just that
reference! Thanks.
 
L

Lanwench [MVP - Exchange]

Chris <cwaters@newsgroup.nospam> wrote:
> I'm working on a project for a not-for-profit organization. I've been
> provided with a W2K3 server at a hosting company. I'm the
> administrator of the server.
>
> The server is in its own workgroup (i.e., non-AD) configuration. The
> server is not behind any type of hardware firewall; there is no VPN
> in place, either.
>
> I connect to the server from the Vista PC in my home office via RDP
> using an extremely long and complex password. I also connect to the
> server from my Windows XP SP2 laptop. I believe I have the newest
> version of the RDP client on both clients. I installed SP2 and all of
> the latest updates on the server.
>
> I have the Windows Firewall on the server configured to only respond
> to RDP (i.e., port 3389) traffic originating from the static IP
> address of my home office.
>
> How secure is this implementation? Is RDP traffic secure enough to
> prevent someone from 'sniffing' and exploiting my credentials? Since
> there is no SSL or VPN in place, is RDP traffic (especially the login
> process) sufficiently encrypted?
>
> The article "Hacking RDP" and the readers' comments
> (http://mcpmag.com/columns/article.asp?EditorialsID=1699) indicate
> that using RDP in this fashion is relatively safe--but I don't want
> to rely on just that reference! Thanks.



Yeesh. I would never want to rely only on the Windows firewall for
this....that's true regardless of TS. They really need some sort of
perimeter device. Even a cheap and cheerful Netgear or Linksys firewall
appliance would be better.
 
F

Frane

As it is hosted terminal server I think there is now way to implement third
party FW device in front of that server.
Regarding windows firewall security it is Firewall software with filters
applied only to incoming traffic. It is not state of the art software like
some third parety appliation, but it does its job, protecting computer from
outside world. Keep your server clean inside and it will be OK.
Regarding RDP security you can use encryption to protect the data that
travels between the terminal server and the terminal services client. If
you fear unauthorized interception of the data as it travels between the
two, you should enable encryption. RSA RC4 algorith is used.
You can check extra info here
http://www.windowsecurity.com/articles/Windows_Terminal_Services.html



--
____________________________________
Frane Borozan
Terminal Services and Citrix Presentation Server user logging
http://www.terminalserviceslog.com
 

Nico

New Member
May 30, 2008
There are also things you can do on the coding end of things as an administrator to make sure users don't manipulate their privileges. You might be able to pick up some tips here: HelloSecureWorld
 
Top Bottom