3

Thanks for taking your time to look into this question.

Background

I have my website hosted on a dedicated server in the cloud. The server is a Windows 2008 R2 machine. To publish, I FTP files to the server. For general maintenance, I remotely connect into the server using RDP over SSL (my password is strong!). I also have a dedicated VPN between my premises and this server.

The Problem

How secure is your standard Win 2008 box sitting on the internet with RDP enabled? I'm sure that in theory it could be brute forced.

Questions

  • How secure is the server provided the hosting provider does the patching etc?
  • Is RDP secure?
  • I could restrict the server to only accept RDP sessions from the Dedicated VPN in place, but this will certainly reduce the flexibility of admins accessing the server from a number of locations.
  • Also, RDP through this VPN we have in place is very slow.

Conundrum

Securing this machine by only allowing incoming connections from the dedicated VPN sounds like the most secure way to do it. I just don't want to lose the flexibility of connecting from multiple locations.

Thomas Pornin
Intrigue
  • Hi - welcome to Security Stack Exchange. This site works well with single questions (have a look at the faq, linked at the top of the page) but you have a few questions here. Is the core one you want answered "How secure is RDP?" - if so, I would just cut the question down to that one. – Rory Alsop Mar 16 '12 at 09:19
  • Thanks Rory. If I could word my question better: how secure would my server be by leaving RDP enabled and not restricted to certain IP addresses? Thanks. – Intrigue Mar 19 '12 at 01:22

3 Answers

1

The risk of keeping that port open was demonstrated with the recent MS12-020 security bulletin. The exploit here attacks the service itself, which is very serious. RDP has stood up well to attacks so far because once you log in you have a new session initialized under that user. A strong password is usually enough.

But in this case, the service itself was attacked which gives the exploit code very privileged access. So I would restrict IP addresses as much as possible. If that just doesn't work, at least using a non-standard port would help.

You may want to consider using OpenSSH or OpenVPN as alternative access methods.

Mark Burnett
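One way to see what restricting RDP to known addresses would shut out, as an added example that is not part of the answer above: it counts failed RDP logons (Security event 4625) per source outside an allowlist and reports the peak within a 5-minute window. The allowlist ranges, CSV column names and log rows are constructed assumptions.

```python
import csv, io, ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the admin source ranges RDP would be restricted to.
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "10.8.0.0/24")]
# Failed RDP logons are event 4625 with logon type 10 (RemoteInteractive)
# or 3 (Network, logged when NLA rejects the credentials).
RDP_LOGON_TYPES = {"3", "10"}

# Constructed sample: Security-log events exported to CSV (assumed columns).
SAMPLE = """time,event_id,logon_type,source_ip,user
2012-03-19T01:00:01,4625,10,198.51.100.7,administrator
2012-03-19T01:00:09,4625,10,198.51.100.7,admin
2012-03-19T01:00:15,4625,3,198.51.100.7,administrator
2012-03-19T01:00:22,4625,3,198.51.100.7,root
2012-03-19T01:00:30,4625,10,198.51.100.7,test
2012-03-19T01:02:00,4625,10,203.0.113.20,webadmin
2012-03-19T01:02:10,4624,10,203.0.113.20,webadmin
2012-03-19T01:05:00,4625,3,-,svc_backup
2012-03-19T02:00:00,4625,10,192.0.2.44,administrator
2012-03-19T09:30:00,4625,10,192.0.2.44,administrator
"""

def peak_failures(csv_text, window=timedelta(minutes=5)):
    """Map each non-allowlisted source IP to its peak failures per window."""
    stamps = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "4625" or row["logon_type"] not in RDP_LOGON_TYPES:
            continue
        try:
            addr = ipaddress.ip_address(row["source_ip"])
        except ValueError:
            continue  # "-" or empty: no remote source address recorded
        if not any(addr in net for net in ALLOWED):
            stamps[row["source_ip"]].append(datetime.fromisoformat(row["time"]))
    peaks = {}
    for ip, times in stamps.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks

def flagged(csv_text, threshold=5):
    # Sources whose failure rate looks like password guessing.
    return sorted(ip for ip, n in peak_failures(csv_text).items() if n >= threshold)
```
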
1

I just don't want to lose the flexibility of connecting from multiple locations.

The request for flexibility usually limits security, especially if you intend to access from multiple locations. However, I am not an expert on RDP and VPN, but you could take client-side certificates into account, too.

How secure is the server provided the hosting provider does the patching etc?

It depends, since in general a hosting provider is interested in not having bad PR due to security holes. However, a lot of security problems are caused by misconfiguration. Still today, a stupendous number of providers misconfigure their systems.

Is RDP secure?

As I said, I do not know RDP well. But in general I would argue as above (misconfiguration). Wikipedia claims some issues.

Also, RDP through this VPN we have in place is very slow

This is not a real question, though this is not very surprising. Security is often accomplished by using strong cryptography. This cryptography may increase traffic and computation effort.

mkind
1

RDP is a long-standing protocol which has gone through a lot of versions. Recent versions of the protocol encapsulate an SSL/TLS tunnel through which the actual exchanges take place (RDP has its own format for sending packets, and, within that format, SSL records are sent). This should be secure as long as the authentication layer (i.e. the password-based logon) is secure (which means "a random enough password") and the Remote Desktop Service on the machine does not have remotely exploitable holes. Unfortunately, the RDS code can have, like any other software, buffer overflows and similar weaknesses, as was demonstrated.


Microsoft has its own "solution" for that, called Terminal Services Gateway. It is an extra server which listens on port 443 for incoming SSL/TLS connections; the TSG authenticates the client (with a password or a certificate), and then forwards the RDP-style packets to the server which runs Remote Desktop Services. There are quite a few layers here:

  • SSL/TLS connection from the client to the TSG.
  • In that SSL/TLS tunnel, some RDP-style packets, sent to the server which runs RDS.
  • In these packets, SSL/TLS records for the SSL/TLS tunnel from the client to the RDS server.
  • In that SSL/TLS tunnel, the actual RDP packets which encode the keyboard strokes, mouse clicks and display updates.

What are the benefits of the TSG? Mostly, this is a new server which is supposedly simpler and with a shorter implementation history, thus theoretically with fewer bugs; chances are that the outer SSL/TLS code (the one run by the TSG) is the same code as the one used by IIS to serve HTTPS Web sites, and that implementation must be reasonably robust since it has wide Internet exposure and is still alive. Also, TSG listens on port 443, which makes it easier for clients in environments with restrictive firewalls (port 443 is one of the ports which are most likely to be authorized for outgoing connections).

From the point of view of Microsoft, TSG has the additional benefit of being yet another server and specific software, so that's extra licenses. I am not sure you can put TSG and the target RDS on the same machine (Remote Desktop Service tends to disallow connections from "localhost").

Thomas Pornin