2

Regarding:

https://unix.stackexchange.com/questions/12924/ssh-tunnel-with-vnc

Which one would be better, if we look at it from the security side?
I heard that RDP is very very poor when it comes to security.

LanceBaynes

1 Answer

6

RDP has some issues, but these are broadly mitigated by getting the config right. Wicked Clown demonstrated a wonderful privilege escalation attack from restricted user to admin in less than 5 minutes at the recent B Sides London security conference which relied on a common misconfiguration - paper here. TLS can provide a strongly authenticated tunnel - which will help.

An alternative could be VNC - which also has potential issues, however using an SSH tunnel for this gives you a much better position with respect to security as you can use strong mutual authentication.

The key point to look at is what your key risks are - if you are worried about an attacker pretending to be a user, SSH or TLS with certificates, which gives you the authentication and encrypted tunnel part of the puzzle, is a good idea; however, you still have the risk of an attacker stealing the mobile device :-)

Rory Alsop
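The VNC-over-SSH setup described in the answer, as an added example that is not part of the original post: one function prints a tunnel command in which the client accepts only a pinned host key and offers only public-key login, and a second function flags `sshd_config` settings that would let a password stand in for the user's key. The host, user, ports and sample config are constructed, and the VNC server is assumed to listen only on the server's loopback interface (display :1, port 5901).

```shell
#!/bin/sh
# Added example. Host, user, ports and the sample config are constructed.

# Print (not run) the ssh command for a VNC tunnel. The server is authenticated
# by a host key already in known_hosts, the user by a key pair, and the local
# listener stays on loopback so other machines cannot reach the tunnel.
vnc_tunnel_cmd() {
    user_host=$1; local_port=$2; remote_port=$3
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:%s' "$local_port" "$remote_port"
    printf ' -o StrictHostKeyChecking=yes'
    printf ' -o PreferredAuthentications=publickey'
    printf ' -o ExitOnForwardFailure=yes'
    printf ' %s\n' "$user_host"
}

# Read an sshd_config on stdin and report settings that weaken key-based user
# authentication. Handles "Keyword value" lines in the global section only.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }                # stop at the first Match block
        key in seen { next }                   # sshd keeps the first value
        { seen[key] = val }
        END {
            # PasswordAuthentication defaults to yes, so unset is also weak.
            if (seen["passwordauthentication"] != "no")
                print "WEAK: PasswordAuthentication is not set to no"
            if (seen["pubkeyauthentication"] == "no")
                print "WEAK: PubkeyAuthentication is disabled"
            # Only an explicit yes is flagged; defaults vary by build.
            if (seen["kbdinteractiveauthentication"] == "yes" ||
                seen["challengeresponseauthentication"] == "yes")
                print "WEAK: keyboard-interactive login is enabled"
        }'
}

# Constructed sample: the later "no" is ignored because the first value wins.
SAMPLE_SSHD_CONFIG='# constructed sample
PasswordAuthentication yes
PubkeyAuthentication no
PasswordAuthentication no
'

# Demo on constructed input; nothing is connected to.
vnc_tunnel_cmd alice@vnc.example.org 5901 5901
printf '%s' "$SAMPLE_SSHD_CONFIG" | audit_sshd_config
```

With the tunnel up, the VNC viewer is pointed at `127.0.0.1:5901` on the client instead of at the server's address.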