(Msg. 1) Posted: Sat Jul 16, 2005 1:26 pm
Post subject: Is Remote Desktop Connection Login secure over wireless? Archived from groups: microsoft>public>windows>server>security, others (more info?)
Greetings experts!
When I am using free public wireless hotspots such as coffee-houses, etc.,
the security warning indicates that the connection is not secure, and I
understand that (essentially
My question is: If I use an un-secured wireless network connection, then
attempt to use Windows Remote Desktop Connection to connect to my PC at
home, is the username and password I type into the Remote Desktop Connection
settings encrypted or otherwise protected? Or am I at risk of hackers
intercepting the login credentials I pass to RDC?
(Msg. 2) Posted: Sat Jul 16, 2005 4:28 pm
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
The secure tunnel is created before you enter your credentials and even then
your password is never sent over the network. However I would never enter my
credentials on a public kiosk computer or other computer that I do not know
is secure/clean. From your description it sounds as if you are using your
own laptop. --- Steve
"Mark Findlay" wrote in message
> Greetings experts!
>
> When I am using free public wireless hotspots such as coffee-houses, etc.,
> the security warning indicates that the connection is not secure, and I
> understand that (essentially >
> My question is: If I use an un-secured wireless network connection, then
> attempt to use Windows Remote Desktop Connection to connect to my PC at
> home, is the username and password I type into the Remote Desktop
> Connection settings encrypted or otherwise protected? Or am I at risk of
> hackers intercepting the login credentials I pass to RDC?
>
> Thanks!
(Msg. 3) Posted: Sun Jul 17, 2005 4:00 pm
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Thanks Steve,
Just to clarify my understanding: the "secure tunnel" you refer to - that's
something that RDC creates automatically on my behalf? In other words, there
are no special configurations or special connection settings I need to
create on my laptop or the target PC? I only ask since I had seen some
references in other postings to private VPN etc., and I don't have any of
that set up. I am just using the default installations of XP on both laptop
and PC.
If there are any special configuration steps I need in order to establish
the "secure tunnel", could you elaborate on those?
Many thanks!
Mark
"Steven L Umbach" wrote in message
> The secure tunnel is created before you enter your credentials and even
> then your password is never sent over the network. However I would never
> enter my credentials on a public kiosk computer or other computer that I
> do not know is secure/clean. From your description it sounds as if you are
> using your own laptop. --- Steve
>
>
> "Mark Findlay" wrote in message
> >> Greetings experts!
>>
>> When I am using free public wireless hotspots such as coffee-houses,
>> etc., the security warning indicates that the connection is not secure,
>> and I understand that (essentially >>
>> My question is: If I use an un-secured wireless network connection, then
>> attempt to use Windows Remote Desktop Connection to connect to my PC at
>> home, is the username and password I type into the Remote Desktop
>> Connection settings encrypted or otherwise protected? Or am I at risk of
>> hackers intercepting the login credentials I pass to RDC?
>>
>> Thanks!
>
>
(Msg. 4) Posted: Sun Jul 17, 2005 7:21 pm
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Remote Desktop establishes the tunnel before you logon. You do not have to
do anything special. Just make sure you use real strong passwords on your
computer as others most likely attempt to logon also when they see port 3389
TCP open on your computer. I would also enable auditing of logon events in
Local Security Policy so that you can keep track of such. If you find an
abuser you could try to configure your firewall or ipsec filter to block
access from that persons public IP address. --- Steve
"Mark Findlay" wrote in message
> Thanks Steve,
>
> Just to clarify my understanding: the "secure tunnel" you refer to -
> that's something that RDC creates automatically on my behalf? In other
> words, there are no special configurations or special connection settings
> I need to create on my laptop or the target PC? I only ask since I had
> seen some references in other postings to private VPN etc., and I don't
> have any of that set up. I am just using the default installations of XP
> on both laptop and PC.
>
> If there are any special configuration steps I need in order to establish
> the "secure tunnel", could you elaborate on those?
>
> Many thanks!
> Mark
>
> "Steven L Umbach" wrote in message
> >> The secure tunnel is created before you enter your credentials and even
>> then your password is never sent over the network. However I would never
>> enter my credentials on a public kiosk computer or other computer that I
>> do not know is secure/clean. From your description it sounds as if you
>> are using your own laptop. --- Steve
>>
>>
>> "Mark Findlay" wrote in message
>> >>> Greetings experts!
>>>
>>> When I am using free public wireless hotspots such as coffee-houses,
>>> etc., the security warning indicates that the connection is not secure,
>>> and I understand that (essentially >>>
>>> My question is: If I use an un-secured wireless network connection, then
>>> attempt to use Windows Remote Desktop Connection to connect to my PC at
>>> home, is the username and password I type into the Remote Desktop
>>> Connection settings encrypted or otherwise protected? Or am I at risk of
>>> hackers intercepting the login credentials I pass to RDC?
>>>
>>> Thanks!
>>
>>
>
(Msg. 5) Posted: Mon Jul 18, 2005 5:15 am
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Hi,
If I may add, just double check on Terminal server that the Encryption Level
is set to at least High.
For added security you could also add TLS to prevent e.g.
"man-in-the-middle" attacks...
> Remote Desktop establishes the tunnel before you logon. You do not have
> to do anything special. Just make sure you use real strong passwords on
> your computer as others most likely attempt to logon also when they see
> port 3389 TCP open on your computer. I would also enable auditing of
> logon events in Local Security Policy so that you can keep track of such.
> If you find an abuser you could try to configure your firewall or ipsec
> filter to block access from that persons public IP address. --- Steve
>
>
> "Mark Findlay" wrote in message
> >> Thanks Steve,
>>
>> Just to clarify my understanding: the "secure tunnel" you refer to -
>> that's something that RDC creates automatically on my behalf? In other
>> words, there are no special configurations or special connection settings
>> I need to create on my laptop or the target PC? I only ask since I had
>> seen some references in other postings to private VPN etc., and I don't
>> have any of that set up. I am just using the default installations of XP
>> on both laptop and PC.
>>
>> If there are any special configuration steps I need in order to establish
>> the "secure tunnel", could you elaborate on those?
>>
>> Many thanks!
>> Mark
>>
>> "Steven L Umbach" wrote in message
>> >>> The secure tunnel is created before you enter your credentials and even
>>> then your password is never sent over the network. However I would never
>>> enter my credentials on a public kiosk computer or other computer that
>>> I do not know is secure/clean. From your description it sounds as if you
>>> are using your own laptop. --- Steve
>>>
>>>
>>> "Mark Findlay" wrote in message
>>> >>>> Greetings experts!
>>>>
>>>> When I am using free public wireless hotspots such as coffee-houses,
>>>> etc., the security warning indicates that the connection is not secure,
>>>> and I understand that (essentially >>>>
>>>> My question is: If I use an un-secured wireless network connection,
>>>> then attempt to use Windows Remote Desktop Connection to connect to my
>>>> PC at home, is the username and password I type into the Remote Desktop
>>>> Connection settings encrypted or otherwise protected? Or am I at risk
>>>> of hackers intercepting the login credentials I pass to RDC?
>>>>
>>>> Thanks!
>>>
>>>
>>
>
>
(Msg. 6) Posted: Mon Jul 18, 2005 5:15 am
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Thanks for that info Mike. In this case I believe the user is probably using
XP Pro [home pc mentioned]. If that is the case he still could use local
Group Policy to make sure default high encryption is enforced by going to
computer configuration/administrative templates/Windows components/terminal
services/encryption and security. --- Steve
"Miha Pihler [MVP]" wrote in message
> Hi,
>
> If I may add, just double check on Terminal server that the Encryption
> Level is set to at least High.
>
> For added security you could also add TLS to prevent e.g.
> "man-in-the-middle" attacks...
>
> How to configure a Windows Server 2003 terminal server to use TLS for
> server authentication
> http://support.microsoft.com/?id=895433 >
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Steven L Umbach" wrote in message
> >> Remote Desktop establishes the tunnel before you logon. You do not have
>> to do anything special. Just make sure you use real strong passwords on
>> your computer as others most likely attempt to logon also when they see
>> port 3389 TCP open on your computer. I would also enable auditing of
>> logon events in Local Security Policy so that you can keep track of such.
>> If you find an abuser you could try to configure your firewall or ipsec
>> filter to block access from that persons public IP address. --- Steve
>>
>>
>> "Mark Findlay" wrote in message
>> >>> Thanks Steve,
>>>
>>> Just to clarify my understanding: the "secure tunnel" you refer to -
>>> that's something that RDC creates automatically on my behalf? In other
>>> words, there are no special configurations or special connection
>>> settings I need to create on my laptop or the target PC? I only ask
>>> since I had seen some references in other postings to private VPN etc.,
>>> and I don't have any of that set up. I am just using the default
>>> installations of XP on both laptop and PC.
>>>
>>> If there are any special configuration steps I need in order to
>>> establish the "secure tunnel", could you elaborate on those?
>>>
>>> Many thanks!
>>> Mark
>>>
>>> "Steven L Umbach" wrote in message
>>> >>>> The secure tunnel is created before you enter your credentials and even
>>>> then your password is never sent over the network. However I would
>>>> never enter my credentials on a public kiosk computer or other
>>>> computer that I do not know is secure/clean. From your description it
>>>> sounds as if you are using your own laptop. --- Steve
>>>>
>>>>
>>>> "Mark Findlay" wrote in message
>>>> >>>>> Greetings experts!
>>>>>
>>>>> When I am using free public wireless hotspots such as coffee-houses,
>>>>> etc., the security warning indicates that the connection is not
>>>>> secure, and I understand that (essentially >>>>>
>>>>> My question is: If I use an un-secured wireless network connection,
>>>>> then attempt to use Windows Remote Desktop Connection to connect to my
>>>>> PC at home, is the username and password I type into the Remote
>>>>> Desktop Connection settings encrypted or otherwise protected? Or am I
>>>>> at risk of hackers intercepting the login credentials I pass to RDC?
>>>>>
>>>>> Thanks!
>>>>
>>>>
>>>
>>
>>
>
>
(Msg. 7) Posted: Mon Jul 18, 2005 4:48 pm
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Correct, thanks Steve for the added info.
For anyone else reading, I also changed the default port that RDC listens on
so that hackers trying 3389 would fail.
Thanks!
Mark
"Steven L Umbach" wrote in message
> Thanks for that info Mike. In this case I believe the user is probably
> using XP Pro [home pc mentioned]. If that is the case he still could use
> local Group Policy to make sure default high encryption is enforced by
> going to computer configuration/administrative templates/Windows
> components/terminal services/encryption and security. --- Steve
>
>
> "Miha Pihler [MVP]" wrote in message
> >> Hi,
>>
>> If I may add, just double check on Terminal server that the Encryption
>> Level is set to at least High.
>>
>> For added security you could also add TLS to prevent e.g.
>> "man-in-the-middle" attacks...
>>
>> How to configure a Windows Server 2003 terminal server to use TLS for
>> server authentication
>> http://support.microsoft.com/?id=895433 >>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Steven L Umbach" wrote in message
>> >>> Remote Desktop establishes the tunnel before you logon. You do not have
>>> to do anything special. Just make sure you use real strong passwords on
>>> your computer as others most likely attempt to logon also when they see
>>> port 3389 TCP open on your computer. I would also enable auditing of
>>> logon events in Local Security Policy so that you can keep track of
>>> such. If you find an abuser you could try to configure your firewall or
>>> ipsec filter to block access from that persons public IP address. ---
>>> Steve
>>>
>>>
>>> "Mark Findlay" wrote in message
>>> >>>> Thanks Steve,
>>>>
>>>> Just to clarify my understanding: the "secure tunnel" you refer to -
>>>> that's something that RDC creates automatically on my behalf? In other
>>>> words, there are no special configurations or special connection
>>>> settings I need to create on my laptop or the target PC? I only ask
>>>> since I had seen some references in other postings to private VPN etc.,
>>>> and I don't have any of that set up. I am just using the default
>>>> installations of XP on both laptop and PC.
>>>>
>>>> If there are any special configuration steps I need in order to
>>>> establish the "secure tunnel", could you elaborate on those?
>>>>
>>>> Many thanks!
>>>> Mark
>>>>
>>>> "Steven L Umbach" wrote in message
>>>> >>>>> The secure tunnel is created before you enter your credentials and
>>>>> even then your password is never sent over the network. However I
>>>>> would never enter my credentials on a public kiosk computer or other
>>>>> computer that I do not know is secure/clean. From your description it
>>>>> sounds as if you are using your own laptop. --- Steve
>>>>>
>>>>>
>>>>> "Mark Findlay" wrote in message
>>>>> >>>>>> Greetings experts!
>>>>>>
>>>>>> When I am using free public wireless hotspots such as coffee-houses,
>>>>>> etc., the security warning indicates that the connection is not
>>>>>> secure, and I understand that (essentially >>>>>>
>>>>>> My question is: If I use an un-secured wireless network connection,
>>>>>> then attempt to use Windows Remote Desktop Connection to connect to
>>>>>> my PC at home, is the username and password I type into the Remote
>>>>>> Desktop Connection settings encrypted or otherwise protected? Or am I
>>>>>> at risk of hackers intercepting the login credentials I pass to RDC?
>>>>>>
>>>>>> Thanks!
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>
>
(Msg. 8) Posted: Mon Jul 18, 2005 10:22 pm
Post subject: Re: Is Remote Desktop Connection Login secure over wireless? [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
This doesn't have anything to do with wireless, over which you are just as
secure as any other medium. However, you'll want to know about this.
Chris
"Mark Findlay" wrote in message
> Correct, thanks Steve for the added info.
>
> For anyone else reading, I also changed the default port that RDC listens
> on so that hackers trying 3389 would fail.
>
> Thanks!
> Mark
>
> "Steven L Umbach" wrote in message
> >> Thanks for that info Mike. In this case I believe the user is probably
>> using XP Pro [home pc mentioned]. If that is the case he still could use
>> local Group Policy to make sure default high encryption is enforced by
>> going to computer configuration/administrative templates/Windows
>> components/terminal services/encryption and security. --- Steve
>>
>>
>> "Miha Pihler [MVP]" wrote in message
>> >>> Hi,
>>>
>>> If I may add, just double check on Terminal server that the Encryption
>>> Level is set to at least High.
>>>
>>> For added security you could also add TLS to prevent e.g.
>>> "man-in-the-middle" attacks...
>>>
>>> How to configure a Windows Server 2003 terminal server to use TLS for
>>> server authentication
>>> http://support.microsoft.com/?id=895433 >>>
>>> --
>>> Mike
>>> Microsoft MVP - Windows Security
>>>
>>> "Steven L Umbach" wrote in message
>>> >>>> Remote Desktop establishes the tunnel before you logon. You do not
>>>> have to do anything special. Just make sure you use real strong
>>>> passwords on your computer as others most likely attempt to logon also
>>>> when they see port 3389 TCP open on your computer. I would also enable
>>>> auditing of logon events in Local Security Policy so that you can keep
>>>> track of such. If you find an abuser you could try to configure your
>>>> firewall or ipsec filter to block access from that persons public IP
>>>> address. --- Steve
>>>>
>>>>
>>>> "Mark Findlay" wrote in message
>>>> >>>>> Thanks Steve,
>>>>>
>>>>> Just to clarify my understanding: the "secure tunnel" you refer to -
>>>>> that's something that RDC creates automatically on my behalf? In other
>>>>> words, there are no special configurations or special connection
>>>>> settings I need to create on my laptop or the target PC? I only ask
>>>>> since I had seen some references in other postings to private VPN
>>>>> etc., and I don't have any of that set up. I am just using the default
>>>>> installations of XP on both laptop and PC.
>>>>>
>>>>> If there are any special configuration steps I need in order to
>>>>> establish the "secure tunnel", could you elaborate on those?
>>>>>
>>>>> Many thanks!
>>>>> Mark
>>>>>
>>>>> "Steven L Umbach" wrote in message
>>>>> >>>>>> The secure tunnel is created before you enter your credentials and
>>>>>> even then your password is never sent over the network. However I
>>>>>> would never enter my credentials on a public kiosk computer or other
>>>>>> computer that I do not know is secure/clean. From your description it
>>>>>> sounds as if you are using your own laptop. --- Steve
>>>>>>
>>>>>>
>>>>>> "Mark Findlay" wrote in message
>>>>>> >>>>>>> Greetings experts!
>>>>>>>
>>>>>>> When I am using free public wireless hotspots such as coffee-houses,
>>>>>>> etc., the security warning indicates that the connection is not
>>>>>>> secure, and I understand that (essentially >>>>>>>
>>>>>>> My question is: If I use an un-secured wireless network connection,
>>>>>>> then attempt to use Windows Remote Desktop Connection to connect to
>>>>>>> my PC at home, is the username and password I type into the Remote
>>>>>>> Desktop Connection settings encrypted or otherwise protected? Or am
>>>>>>> I at risk of hackers intercepting the login credentials I pass to
>>>>>>> RDC?
>>>>>>>
>>>>>>> Thanks!
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
You can post new topics in this forum You can reply to topics in this forum You can edit your posts in this forum You can delete your posts in this forum You can vote in polls in this forum
Home
Forums
Home
FAQ
Search
Profile
Private Messages
Log in
Windows Other