IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [rdp]

Remote Desktop Protocol, a protocols for accessing Windows applications remotely

RDP (Remote Desktop Protocol) is a protocol to access graphical sessions remotely, and thus to run GUI applications remotely.

The protocol is defined by Microsoft and primarily used between Windows systems, but both clients and servers exist on other major operating systems. All versions of Windows (since XP) include an RDP client. A server is included in server-grade editions.

RDP can run over TCP or UDP. In both cases the default port is 3389. Since version 6 (supported since Windows Vista), the protocol can optionally run over TLS.

A similar protocol in the Unix world is VNC.

Further reading

126 questions
88
votes
10 answers

How secure is RDP?

I have a sort of a conflict with my company's Security Lead Engineer. He says that Remote Desktop Protocol (RDP) is not secure enough and we should be using TeamViewer instead. We use RDP not only to access local resources inside our corporate…
prot
  • 991
  • 1
  • 6
  • 7
35
votes
2 answers

Digging into DDoS attacks (includes hostile IP's from multiple honeypots)

I have been tracing a series of DDoS attempts, and am wondering if anyone else has seen anything like them. I've downloaded the following Powershell script which scrapes Terminal Server (RDP) Event Logs and dumps them to CSV. I've modified the…
turkinator
  • 603
  • 1
  • 7
  • 13
23
votes
2 answers

What are the risks of remoting in (RDP) to a compromised system?

Can the client be harmed in any way, and how?
PBeezy
  • 1,731
  • 2
  • 10
  • 11
17
votes
3 answers

Is there a secure way to have a publicly facing terminal server?

TL;DR We are looking at opening port 3389 for a terminal server all the advice I’ve seen is that its suicidal but without good explanations as to why. Is it really that bad? We are looking at setting up a terminal server for staff to access…
Hybrid
  • 4,178
  • 2
  • 21
  • 23
15
votes
3 answers

Enable RDP for internal network only

I just got a tablet and I want to use it to RDP into my main computer. The thing is, the first thing I did when I set up my PC was to disable RDP. I am not comfortable, and have no use for, allowing RDP connections from outside my network. I might…
TheCatWhisperer
  • 406
  • 1
  • 5
  • 12
14
votes
2 answers

Hiding user account names from unauthenticated RDP sessions

This is for a Windows 7 Ultimate system, which is not a member of a domain. When I log into the system locally, I am required to either manually enter my user ID or authenticate with biometrics. The system does not display my username on the…
Iszi
  • 26,997
  • 18
  • 98
  • 163
12
votes
2 answers

Windows RDP over internet

I'm trying to figure out the risks of running RDP over the internet, using two windows 10 professional stations, and if a VPN is absolutely necessary to achieve good security. From the information I found so far on the net, a leak was discovered in…
vic
  • 546
  • 3
  • 11
11
votes
2 answers

Is Two Factor Auth for RDP possible?

Is two factor authentication possible when using RDP with a Windows server, say by using a time dependent code?
user25221
  • 291
  • 1
  • 2
  • 7
10
votes
6 answers

RDP Attempts From Unknown IPs, How to Protect?

I'm running Windows Server2008 R2, and seeing the following error multiple times with various IPs in the event log: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP…
AlexVPerl
  • 243
  • 2
  • 9
9
votes
2 answers

Preventing LSASS from storing clear-text passwords in Kerberos environment

It is a well known security risk that LSASS stores clear-text passwords if a user has performed a keyboard-interactive logon on a machine - be it local login to his/her workstation or using RDP to a remote workstation. There is also a classic fix to…
Konrads
  • 589
  • 1
  • 5
  • 15
8
votes
2 answers

What information is exposed by simply opening an RDP connection to the internet?

Microsoft, Rackspace and other hosted providers allows people to RDP into that server. Here are a few examples: Microsoft has something called "Azure Connect" it is very easy to expose a domain connected terminal server to the Internet by simply…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
8
votes
2 answers

How can Network Disconnect be implemented for RDP on a Windows system (2003/XP or later)?

From NIST SP 800-53, Rev. 3: SC-10 NETWORK DISCONNECT Control: The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of…
Iszi
  • 26,997
  • 18
  • 98
  • 163
6
votes
1 answer

I'm hacked without telling anyone my ip

I have a pc with static IP bought from my ISP and RDP enabled. I was using this PC for development and didn't tell or use it for any communication purpose so it's not possible that someone knew about it. But I got hacked with a ransomware and all my…
Ammar Hussein
  • 171
  • 4
6
votes
2 answers

Is opening port 3389 on a router and forwarding this to a Windows SBS 2003 server secure?

I know of a company who has port 3389 open on their router and forwards this to a Windows SBS 2003 server. The server has the Windows firewall switched on, is patched and has an up to date antivirus program, the router is a Draytek 2820. Is this a…
JMK
  • 2,436
  • 7
  • 27
  • 38
5
votes
2 answers

How is RDP through VPN safer?

I've read that I shouldn't open RDP ports on my router (obviously with port forwarding, I don't mean opening 3389 port directly). Instead I should use something like VNC (I get that solution) or create a VPN connection and then use RDP locally. If a…
Jorhanc
  • 53
  • 1
  • 3
1
2 3
8 9