Is it secure to connect to a remote Windows Server using Remote Desktop only?

Question

I have a Windows Server that I login to from my home. I only use the pre-installed Remote Desktop. Is this a secure way to remote login or should I improve it in some way? If I should improve it, please describe how it is more secure that way.

Answer 1

If you are using SSL, see this technote for details.

In particular, it is important to set up your security layers

The three available security layers are:

SSL (TLS 1.0) SSL (TLS 1.0)

will be used for server authentication and for encrypting all data transferred between the server and the client.

Negotiate

The most secure layer that is supported by the client will be used. If supported, SSL (TLS 1.0) will be used. If the client does not support SSL (TLS 1.0), the RDP Security Layer will be used. This is the default setting.

RDP Security Layer

Communication between the server and the client will use native RDP encryption. If you select RDP Security Layer, you cannot use Network Level Authentication.

And the Encryption Level:

Low

Data sent from the client to the server is encrypted using 56-bit encryption. Data sent from the server to the client is not encrypted.

Client Compatible Encrypts client/server communication at the maximum key strength supported by the client. Use this level when the terminal server is running in an environment containing mixed or legacy clients. This is the default encryption level.

High Encrypts client/server communication using 128-bit encryption. Use this level when the clients accessing the terminal server also support 128-bit encryption. When encryption is set at this level, clients that do not support this level of encryption will not be able to connect.

FIPS *Compliant* All client/server communication is encrypted and decrypted with the Federal Information Processing Standards (FIPS) encryption algorithms. FIPS 140-1 (1994) and its successor, FIPS 140-2 (2001), describe U.S. government requirements for encryption.