Windows 7 RDP Security

Question

I use RDP on Windows 7 (SP1) to connect to Windows Server 2008. There is no SSL I have setup on the server yet which I will do. Before that I just wondering if the connection to the server is secure and username and password is encrypted by Windows 7 RDP client? Can anyone please tell how secure RDP is? I just want to confirm that username and password are not sent in clear text even if there is no SSL setup in terminal services. One more thing I want to ask is that if I use Windows XP then I see connection screen of host machine where I enter username and password, but if I use Windows 7 then I see connection dialog even before I can see remote desktop. Is the connection dialog in Windows 7 sends credentials using encryption?

Answer 1

The connection is encrypted using RDP encryption. No information is sent in clear text.

SSL is used to authenticate the identity of the RDS server. It can also used to encrypt the session traffic.

http://technet.microsoft.com/en-us/magazine/ff458357.aspx

http://blogs.technet.com/b/migreene/archive/2006/04/30/426860.aspx

Answer 2

You may not see the connection dialog due to newer platforms can use Network Level Authentication. This performs the authentication before the client establishes an RDP connection to the server and consumes a session. This was done as a security measure, to reduce denial of service attacks.

When to use the “enablecredsspsupport:i:0” RDP file option
http://blogs.msdn.com/ts/archive/2007/01/22/vista-remote-desktop-connection-authentication-faq.aspx#_When_to_use

TS connection experience improvements based on RDP 6.0 client customer feedback
http://blogs.msdn.com/b/rds/archive/2007/03/28/ts-connection-experience-improvements-based-on-rdp-6-0-client-customer-feedback.aspx