Questions tagged [rdp]

Remote Desktop Protocol, a protocol for accessing Windows applications remotely

RDP (Remote Desktop Protocol) is a protocol to access graphical sessions remotely, and thus to run GUI applications remotely.

The protocol is defined by Microsoft and primarily used between Windows systems, but both clients and servers exist on other major operating systems. All versions of Windows (since XP) include an RDP client. A server is included in server-grade editions.

RDP can run over TCP or UDP. In both cases the default port is 3389. Since version 6 (supported since Windows Vista), the protocol can optionally run over TLS.

A similar protocol in the Unix world is VNC.

126 questions
5 votes, 2 answers

Connection on port 3387 Event viewer says "authorized"

This event shows up multiple times within a minute like it was being brute-forced, but it says "authorized". My question is: Is there any way I can see any commands that came in from this connection? I looked through my logs and files edited on that…
5 votes, 2 answers

CVE-2018-0886 mitigation for an unpatchable RDP server

An up-to-date Windows 10 client is connecting to a Windows 10 RDP host which is stuck at 1511 (host can't be updated and 1511 is out of support for receiving patches such as the CVE-2018-0886 mitigation). What exactly is the exposure going over…
Zenilogix
5 votes, 1 answer

Can passwords be brute-forced through RDP?

We had a small discussion about a security-related article at work today, and I was a bit surprised about one thing - they claim that some attackers managed to brute-force guess the password of someone and log on through RDP. The article was written…
Vilx-
5 votes, 2 answers

Is there a way to see what program is causing RDP attempts on computer

One of our servers (running RdpGuard) shows multiple failed attempts from specific users' machines (3 to be exact) and I can't figure out what is causing them. One user is local and two are remote using VPNs. Today there's a pattern in the…
mend0k
4 votes, 3 answers

Is there a compelling reason to ssh tunnel RDP connections?

We don't run any Microsoft products natively in our office, but there are a few folks who use a Linux RDP client to access an application on remote virtual desktops with a service provider. Would it be worth the effort to tunnel the RDP through ssh,…
Bryan Agee
4 votes, 1 answer

Is RDP an effective security barrier

If you need to provide access to a GUI / GUIs in one network from within another network, can RDP (e.g. via Terminal Services) be used as an effective security 'barrier', to stop any other direct network connectivity between the two environments. I…
user20929
4 votes, 2 answers

Remmina RDP Certificate Fingerprint Changed

I've been using Remmina to connect to my RDP server across the internet. When I first connected to the server, I had to accept the certificate. I have not had to do that since the first time I connected. Now, after using this server for a long time,…
4 votes, 4 answers

What is the threat of having the clipboard enabled on Citrix and other RDP?

It is a question I have had for some time which I have never received a solid answer on. It seems most infosec teams prefer to disable clipboard functionality on Citrix and other RDP setups. What is the real threat here and does the threat…
Brettski
4 votes, 2 answers

Brute Force RDP Attacks Despite Having RDP Restricted to 1 IP - HOW?

I restricted the Firewall incoming rules for RDP under Scope to 1 Remote IP address (Local IP Address section is empty). This was done for both Public & Private/Domain Rules. This action restricted RDP access to only my IP. I confirmed this myself…
AlexVPerl
4 votes, 1 answer

How does one typically monitor their privileged admins' encrypted SSH & RDP sessions?

From a compliance (& perhaps just for pure due-diligence) standpoint, what do IT departments typically deploy to keep an eye on their privileged administrator's remote access sessions? Also what's the standard when it comes to security procedures…
user88092
3 votes, 1 answer

Saving connection parameters in an RDP file

For connecting to a remote Windows Server 2008 I use a standard Windows 7 RDP remote desktop connection. In an RDP dialog there is an option to save connection parameters to an RDP file to use it later for a quick connection. Is it safe to save…
rem
3 votes, 2 answers

Can a virtual machine program view a host machine's connections?

I don't really know anything about computers. I need to run a virtual Windows machine inside an Ubuntu system. My current setup uses a stripped down version of Windows XP on VirtualBox. I intend to use RDP (Remote Desktop Protocol) regularly to…
user5654
3 votes, 1 answer

Is RDP susceptible to the BEAST attack?

I have Windows 2008 R2 servers which are failing a PCI vulnerability scan because they have RDP enabled (needs to be disabled). I have applied the PCI settings of IISCrypto tool, but I have to leave TLS 1.0 enabled in order not to break RDP. The…
Jim Balo
3 votes, 2 answers

Failed RDP brute force attack from Microsoft IP address?

I use RDPGuard on my webserver. I have noticed that it blocked an IP address which seemed to originate from a Microsoft registered IP address: Process Information: Caller Process ID: 0xf78 Caller Process Name: …
user989056
3 votes, 1 answer

How do I configure Terminal Server (and clients) for use over untrusted Wifi networks?

Suppose a client wants to directly connect to Terminal Server exposed to the Internet, without a VPN, ... what software & settings is needed to properly protect against WiFi based attacks? (assume MITM is possible, and multiple client platforms are…
makerofthings7