How secure is Remote Desktop from Mac OS X to Windows Server 2003?

2

It's unclear to me exactly how secure Remote Desktop access from Mac OS X to a Windows Server 2003 machine is. Is the communication encrypted by default? What level of encryption?

Are there best practices for making this as secure as possible? I found http://www.mobydisk.com/techres/securing_remote_desktop.html but it's unclear how much of that is still relevant for current versions of RDP and Windows Server.

I know I can tunnel RDP over ssh, but is that overkill or redundant?

denishaskin

Posted 2009-12-02T04:01:05.323

Reputation: 131

2

You should ask this at either http://superuser.com or http://serverfault.com

– Graviton – 2009-12-02T04:03:50.747

Answers

0

A number of years ago RDP was vulnerable to a man-in-the-middle attack where an attacker could act as an RDP server, but route all traffic to the real server. The RDP client would not complain that the attacker was not the real RDP server. So the attacker could watch all traffic. A fix was released for the RDP client that came out around Vista's release (v6).

RDP does use encryption (RC4) in v6+. RC4 can be vulnerable, but there are ways to make it more secure. There is an interesting read on RC4 and RDP by a "security" group (PDF).

You can always tunnel over SSH, it won't buy you much beyond providing an extra layer of security. Personally, I would make sure the client and server are at least complaint with RDP v6 (I believe Windows Update upgrade XP's client, so 2003 should be ok). Plus, based on personal experience trying to get SSH to work on Windows, I would just go with straight RDP.

John Paulett

Posted 2009-12-02T04:01:05.323

Reputation: 141

1

SSH on windows is easy. install copssh (link below), activate a user, open port 22 on any all firewall/routers to that computer. Done. Works fine as an ssh tunnel. I have it running on win7 x64.

http://www.itefix.no/i2/copssh

– Tony – 2010-02-03T13:11:56.117

Asked: 2009-12-02T04:01:05.323

Viewed: 1 075 times

Active: 2010-07-15T14:15:41.410