is XP's remote desktop secure??

[vexingv]

i've been using tightvnc in conjunction w/ dyndns.org for some time now....but i just gave XP's remote desktop a try ...and it is much better, feels faster, and i can see my transparency effects (w/ vnc i couldnt see any windows that had transparency effects). however, is remote desktop secure?? esp. since i also installed IIS so that i can log on via internet explorer. i notice that it essentially uses the same logon and password as the user on the windows client does...but i dont want any random ppl (my friends included) trying to log on and break into my computer. does anyone know wut ports remote desktop (both the client and browser versions) or how i can customize it so that it uses a specific port so i can configure a firewall?

thanx in advance.

 

[Fuzznuts]

RDP use tcp 3389 as default. it is encrypted so passwords etc cant be sniffed. however if you have a weak password if someone had the time and patience the could keep battering away untill they hit pay dirt.

what i would do is this. rename the administator account to something else a normal username are a group name. then rename the guest account to administrator and then disable it. you could move it off the default port but a bit of scanning will so show where its at so doesnt seem much point tbh. i use it the whole time and have yet to see a problem but then i use strong passwords and none default account names. oh also dont allow you main account to log in. i use a restircted user account then use runas if i need to do anything adminy. kinda like linux ssh and su.

hope this helps

 

[Utterman]

Remote desktop is also referred to as a terminal service. I belive it uses port 3389 by default (You can change the port by following this guide).

If you want to advoid having to host the internet connection app, a simple search in google for "TSWeb" will bring up that connection program (Here is a link for one, just put in your IP address).

As far as security goes, I'm not totally sure how easy it is for someone to gain your login info and be able to get into your computer. One of the most secure methods is to create a VPN tunnel to your network and login that way. I think that you should be pretty safe as long as noone has your login for your computer.

 

[SaigonK]

Originally posted by: Fuzznuts
RDP use tcp 3389 as default. it is encrypted so passwords etc cant be sniffed. however if you have a weak password if someone had the time and patience the could keep battering away untill they hit pay dirt. what i would do is this. rename the administator account to something else a normal username are a group name. then rename the guest account to administrator and then disable it. you could move it off the default port but a bit of scanning will so show where its at so doesnt seem much point tbh. i use it the whole time and have yet to see a problem but then i use strong passwords and none default account names. oh also dont allow you main account to log in. i use a restircted user account then use runas if i need to do anything adminy. kinda like linux ssh and su. hope this helps

Remember that not all data passed through RDP is encrypted. So your password may be, but clipboard may not be.

http://support.microsoft.com/default.aspx?scid=kb;en-us;275727 for more details.

 

[vexingv]

thanx for responses...looks like i just need to make a strong password and disable/rename all the default accounts on the system...but i figure it cant be less secure than my current tightvnc setup (tho if that was compromised, it wouldnt be as bad as the entire windows system being compromised). question how would i go about setting up a vpn or ssl tunnel?...i'm a networking newbie and my system is just a regular (single pc, no router) home dsl setup