How secure is Remote Desktop (server side?)

MDesigner

Platinum Member
Just wondering if anyone is confident enough to open up port 3389 for Remote Desktop, so you could access your machine from anywhere. Any known security issues?
 
The only suggestion is to put a login banner to prevent brute-force attacks. Other than that, RDP is secure.
 
OK.. then would you recommend changing the port RDP listens on, to something else (in the ten-thousands?) Or maybe a different solution such as Ultr@VNC or TightVNC?
 
Originally posted by: MDesigner
OK.. then would you recommend changing the port RDP listens on, to something else (in the ten-thousands?) Or maybe a different solution such as Ultr@VNC or TightVNC?

No. Changing the port doesn't make it secure. VNC has the same issues, so does SSH. Restricting the service is a good start on defending the system.

If you want something better, use a VPN.
 
Changing the port doesn't make it secure but it makes it harder to find. If RDP is customized to run on port 38057, what are the chances someone is going to find it? And what do you mean by "restricting the service"?
 
Originally posted by: n0cmonkey
Originally posted by: MDesigner
OK.. then would you recommend changing the port RDP listens on, to something else (in the ten-thousands?) Or maybe a different solution such as Ultr@VNC or TightVNC?

No. Changing the port doesn't make it secure. VNC has the same issues, so does SSH. Restricting the service is a good start on defending the system.

If you want something better, use a VPN.

Are we talking about a home computer or for business use?
 
Originally posted by: MDesigner
Changing the port doesn't make it secure but it makes it harder to find. If RDP is customized to run on port 38057, what are the chances someone is going to find it?

It's easy. nmap is fast.

And what do you mean by "restricting the service"?

Use a firewall to restrict the IPs someone can connect to it from.
 
Changing the port doesn't make it secure but it makes it harder to find.

No it doesn't, nmap service version detection can identify it on any port.

If RDP is customized to run on port 38057, what are the chances someone is going to find it? And what do you mean by "restricting the service"?

If they want to attack your machine specifically, 100%.
 
Is nmap a port scanner? I'd like to hear how someone can determine what port I'm running Remote Desktop on, if all they know is my IP.
 
I can't run it on myself for whatever reason.. but I get the point. I ran it on the machine that hosts my web site, and it very quickly came back with plenty of ports.

Let me ask you this, then, regarding securing ports.. is there some kind of Windows software I can run that will only allow connections to certain ports based on the originator's IP address? My router uses the dd-wrt firmware.. it would be kinda nice if they eventually implemented such a feature.
 
Originally posted by: SleepWalkerX
Take a look at Hamachi maybe. It's pretty cool.

QFT. Hamachi is great for setting up a simple, secure VPN. You don't have to open any ports. For best results, look into setting it up as a service.
 
Originally posted by: Penth
Originally posted by: SleepWalkerX
Take a look at Hamachi maybe. It's pretty cool.

QFT. Hamachi is great for setting up a simple, secure VPN. You don't have to open any ports. For best results, look into setting it up as a service.


It's fast and very secure, I would recommend it to anyone looking for a VPN.
 
Originally posted by: Zugzwang152
Originally posted by: n0cmonkey
Originally posted by: Zugzwang152
Are we talking about a home computer or for business use?

It shouldn't really matter, setting up a VPN appears to be quick and easy.

hence why I asked. Who's gonna set up 2 different boxes as VPN gateways for a single home computer? makes no sense whatsoever.

This is a tech site. If you only have one computer you don't belong here. 😉
 
Originally posted by: n0cmonkey
Originally posted by: Zugzwang152
Originally posted by: n0cmonkey
Originally posted by: Zugzwang152
Are we talking about a home computer or for business use?

It shouldn't really matter, setting up a VPN appears to be quick and easy.

hence why I asked. Who's gonna set up 2 different boxes as VPN gateways for a single home computer? makes no sense whatsoever.

This is a tech site. If you only have one computer you don't belong here. 😉

:Q
 
Originally posted by: Zugzwang152
Opening 3389 to the Internet is probably a bad idea. By default it does use 128-bit RC4 encryption, but apparently man in the middle attacks are still possible.

http://www.oxid.it/downloads/rdp-gbu.pdf is a brief description of the problem, or Google for "microsoft remote desktop security" for a plethora of information.
For business use RDP alone is generally not considered "secure enough".

However mounting a successful man in the middle attack against RDP requires a fairly high level of knowledge by someone who has singled you out for attack. Since this is an unmanaged environment I feel compelled to point out that if someone knowledgeable really has it in for you it's most likely that they would be able to perform an easier attack than this (lowest-hanging fruit).

What do I do for my computer at home? I allow RDP so I can connect to my computer at home, then just restrict the addresses that can connect to it through my firewall. I do run it on a non-standard port, but that's because I used to run another box on 3389 and I haven't changed since.

What do I do at work? RDP over L2TP/IPSec VPN.

And for those of you who do want to argue technical semantics if someone can perform successful DNS spoofing who cares if they do a MITM attack at all. All they would need to do is prompt for your username and password and wait for you to give them your credentials, from there they could just give them some generic error message and disconnect and perform all sorts of fun things now that they have your credentials. This is why in managed environments it's so important to control network services, if you don't have security at the lower levels ensuring security at the application level is much harder.

Just trying to put this all in a practical light for the OP.
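
Editor's added example (not part of any post in this thread): one way to do the "restrict the addresses that can connect" step with the built-in Windows Firewall, by scoping the Remote Desktop inbound rules to an allow list and reading the result back. It assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets), an English display-group name, and an elevated prompt; the addresses are constructed documentation values.

```powershell
#Requires -RunAsAdministrator
# Added example: limit inbound Remote Desktop to known source addresses.
# $AllowedSources holds constructed sample values; replace with your own.
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')

# Validate every entry before touching the firewall, so a typo cannot
# leave the rule in a half-configured state.
foreach ($entry in $AllowedSources) {
    $addr, $prefix = $entry -split '/', 2
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$parsed)) {
        throw "Not an IP address: $entry"
    }
    if ($prefix -and ($prefix -notmatch '^\d{1,3}$')) {
        throw "Bad prefix length: $entry"
    }
}

# The built-in rules live in the 'Remote Desktop' display group
# (assumption: English-language Windows; the name is localized elsewhere).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction Stop |
    Where-Object { $_.Direction -eq 'Inbound' }

# Scope each inbound rule to the allow list instead of 'Any'.
$rules | Set-NetFirewallRule -RemoteAddress $AllowedSources

# Read the configuration back and flag any rule that is still open to everyone.
$report = foreach ($rule in $rules) {
    $filter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        RemoteAddress = ($filter.RemoteAddress -join ', ')
        StillOpen     = ($filter.RemoteAddress -contains 'Any')
    }
}
$report | Format-Table -AutoSize

if ($report | Where-Object { $_.StillOpen -and $_.Enabled -eq 'True' }) {
    Write-Warning 'At least one enabled Remote Desktop rule still accepts any source address.'
}
```

The built-in rules match the default port 3389; if RDP has been moved to another port, the same `-RemoteAddress` scoping has to be applied to whichever rule allows that port.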
 
Originally posted by: Seeruk
Originally posted by: n0cmonkey
This is a tech site. If you only have one computer you don't belong here. 😉

😀 Funny but true 🙂

lol.. very true

I'm about to pick through the bone yard now in order to rebuild my now defunct k2-500 smoothwall box.
 