How secure is Remote Desktop (server side?)

[nweaver]

the lack of server keying to prevent mitm attacks is a flaw in RDP imho. That is why I only RDP through ssh tunnels. I have complex keys setup (instead of passwords) and I reject connection if the server's key is different.

openssh >>>>>>> rdp

 

[Codewiz]

I use Openssh to secure my connection and only allow certain key-pairs to connect to it. Then I access remote desktop over that. If you use dd-wrt, I believe you can use the ssh server built into it.

 

[RebateMonger]

Originally posted by: spyordie007
...However mounting a successful man in the middle attack against RDP requires a fairly high level of knowledge by someone who has singled you out for attack. Since this is an unmanaged environment I feel compelled to point out that if someone knowledgeable really has it in for you it's most likely that they would be able to perform an easier attack than this (lowest-hanging fruit)....

There's only been one reported successful attack against Server 2003's RDP, and that was because of Korean-language add-on. Obviously, if you have weak passwords, all bets are off no matter what access method you choose.

ANY remote access technique has its faults. VPNs, for instance, open your network to transmision of worms and such from any connecting contaminated computers. No matter what the connection technque, the most LIKELY way you'll get hacked is through weak or easy-to-guess passwords, through a known application vulnerability, or through the (unknowing) installation of trojans or spyware.

As spyordie points out, it's too much work to do some of the more complex attack methods. There are too many easier ways...

BTW...if you worry about RDP's "man-in-the-middle" vulnerability, you may also consider Microsoft's SBS 2003 Remote Web Workplace, which uses a more-secure modification of Remote Desktop and isn't vulnerable to MITM. This would only work for companies with less than 75 employees or so, though.

 

[spikespiegal]

This is an interesting discussion because I've used RDP and terminal services for a long time, and find port scans against port 3389 and 1494 (Citrix ICA) to be non-existent. If there are hackers looking to get in, they sure as heck aren't interested in bashing logon passwords with those services.

However, if I'm on a static IP on the client end I'll hard lock that into my Firewall, or at the least disable the Admin account from having RDP access.

 

[Nothinman]

This is an interesting discussion because I've used RDP and terminal services for a long time, and find port scans against port 3389 and 1494 (Citrix ICA) to be non-existent. If there are hackers looking to get in, they sure as heck aren't interested in bashing logon passwords with those services.

That's irrelevant, do you leave your doors unlocked because no one's tried to break in yet?

 

[MDesigner]

Bad analogy. It takes a lot more technical savvy and knowledge to break into a computer than it does to walk into an unlocked house. Plus, an unlocked door would be more comparable to having Remote Desktop set up with NO login required.. immediate admin access.

 

[Nothinman]

Bad analogy. It takes a lot more technical savvy and knowledge to break into a computer than it does to walk into an unlocked house. Plus, an unlocked door would be more comparable to having Remote Desktop set up with NO login required.. immediate admin access.

But the point is still the same, you don't wait until after an attempt is made to secure something, right?

 

[MDesigner]

Originally posted by: Nothinman

Bad analogy. It takes a lot more technical savvy and knowledge to break into a computer than it does to walk into an unlocked house. Plus, an unlocked door would be more comparable to having Remote Desktop set up with NO login required.. immediate admin access.

But the point is still the same, you don't wait until after an attempt is made to secure something, right?

True, true.