
I have a few Windows machines I need to open up, but I was wondering: how secure is RDP? I already found documents like this explaining how to improve security, so obviously it is not very secure by default (like 48 bit encryption...). But after changing those settings, how secure is it then?

I mean, my Linux servers I have open to the world with OpenSSH. I know the OpenBSD auditing and security policies and their history with security bugs, so I fully trust it. I also know Microsoft in that regard, so I don't trust it. But, that's just a feeling. I'd like to know what others think about / have experienced by opening port 3389 to the world.

Halfgaar

1 Answer


Well, it's not perfect, but it's good enough for most needs, in particular if you use the latest version and mandate network-level authentication. You can make it even more secure by adding a gateway server that will tunnel connections through SSL and protect your internal machines. Further refinement would be to use certificate authentication for the session, but that's probably unnecessary.

As ever, though, the real question should be: what are you trying to protect and against what risk? If you're going to RDP into the domain controller of your company, then you probably should invest in a few additional security measures (like the gateway server I mentioned) simply because causing a DOS on a DC can have real consequences for your business. If you're just thinking of connecting to your home computer from the net (and already have decent security in place: good enough passwords and up-to-date OS), then it's probably not worth your while to secure it any further.

Stephane
  • Mostly I was just wondering about bots/script kiddies which scan for known vulnerabilities. The consequences of a DOS'ed machine don't apply here (the machines aren't that critical). It's just that I want to keep people out. – Halfgaar Nov 06 '10 at 08:54
  • The latest versions of RDP from Microsoft now have built-in support for TLS and RC4. – user48838 Nov 06 '10 at 09:03
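As an added example (my own, not from the answer above or from Microsoft), the following PowerShell audits the listener settings the answer recommends (NLA required, TLS security layer, strong encryption) and summarises failed logons by source address, which addresses the asker's concern about scanning bots. It assumes a recent Windows version with the standard Terminal Server registry layout and is run from an elevated prompt.

```powershell
# Added example, not from the original post: audit RDP-Tcp hardening settings and
# summarise failed logons from the Security log. Run in an elevated PowerShell.
function Get-RdpHardeningReport {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
    # SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS (a missing value reads as 0 here)
    $layer = @{0 = 'RDP (legacy)'; 1 = 'Negotiate'; 2 = 'TLS'}[[int]$tcp.SecurityLayer]
    # MinEncryptionLevel: 1 = low, 2 = client compatible, 3 = high (128-bit), 4 = FIPS
    $enc = @{1 = 'Low'; 2 = 'ClientCompatible'; 3 = 'High'; 4 = 'FIPS'}[[int]$tcp.MinEncryptionLevel]
    $report = [PSCustomObject]@{
        RdpEnabled         = ((Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0)
        NlaRequired        = ($tcp.UserAuthentication -eq 1)
        SecurityLayer      = $layer
        MinEncryptionLevel = $enc
    }
    # Flag anything weaker than the answer's recommendation (thresholds are my choice)
    $findings = @()
    if (-not $report.NlaRequired)           { $findings += 'NLA not required (UserAuthentication != 1)' }
    if ([int]$tcp.SecurityLayer -lt 2)      { $findings += 'SecurityLayer allows non-TLS negotiation' }
    if ([int]$tcp.MinEncryptionLevel -lt 3) { $findings += 'MinEncryptionLevel below High' }
    $report | Add-Member -NotePropertyName Findings -NotePropertyValue $findings -PassThru
}

# Failed logons are event 4625. With NLA enforced, failed RDP attempts commonly appear as
# logon type 3 (network) rather than 10 (RemoteInteractive), so both are included; type 3
# also covers other network logons (e.g. SMB), so read the source list in that light.
function Get-FailedRdpLogons {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        if ($d.LogonType -in '3', '10') {
            [PSCustomObject]@{ Time = $_.TimeCreated; User = $d.TargetUserName
                               SourceIp = $d.IpAddress; LogonType = $d.LogonType }
        }
    } | Group-Object SourceIp | Sort-Object Count -Descending |
        Select-Object @{ n = 'SourceIp'; e = { $_.Name } }, Count
}

Get-RdpHardeningReport
Get-FailedRdpLogons -Hours 24
```

A non-empty Findings list means the host is still running with the defaults the question complains about; a long tail of distinct source addresses in the second table is the scanning traffic the asker expects once port 3389 is exposed.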