Recommended Posts

And do you tunnel this remote desktop connection thru a vpn or ssh? Or you just have remote desktop open to the public net, without only your username an password as to security?

Or did you enable cert auth to the remote desktop?

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

Configuring authentication and encryption

TLS authentication overview

Remote Desktop Protocol (RDP) provides data encryption, but it does not provide authentication to verify the identity of a terminal server. In Windows Server 2003 Service Pack 1 (SP1), you can enhance the security of Terminal Server by configuring Terminal Services connections to use Transport Layer Security (TLS) 1.0 for server authentication, and to encrypt terminal server communications. TLS is a standard protocol that is used to provide secure Web communications on the Internet or intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients.

The simple poor mans vpn is just a SSH tunnel -- I would suggest you setup public key auth only to the ssh server, to prevent brutefore attack attempts. Then just tunnel you remote desktop connection.

You wouldn't ;) Unless you have your border device/firewall locked down to only allow access on 3389 only from trusted sources. Your remote desktop is open to anyone that could guess/bruteforce a username an password.

2k3 server allows for TLS auth, which can prevent bruteforce attack, etc.

On XP the most you can do is limit which accounts, change the account names.. Setup lockout policy, change the port away from the default 3389, etc..

I would never suggest anyone present a service like remotedesktop to the public net.. Unless it is locked down to only trusted outside IPs. Or the auth method is secure -- sorry but usename an password is not a secure method ;)

Which is why you would tunnel this connnection thru a vpn or ssh. Where you can use valid methods of authing the users, ie a digital certificate, etc.

Something like OpenVPN or any SSH server can all you to do this quite simple for only the cost of your time to set it up.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Are we forgetting the hardware degradation on 13th and 14th gen??
    • Cry more. The Ukrainians who had internet access because of Starlink were trash too, huh?
    • RoboForm 9.7.5 by Razvan Serea RoboForm is the top-rated Password Manager and Web Form Filler that completely automates password entering and form filling. RoboForm makes logging into Web sites and filling forms faster, easier, and more secure. RoboForm memorizes and securely stores each user name and password the first time you log into a site, then automatically supplies them when you return. RoboForm's powerful Logins feature eliminates the manual steps of logging into any online account. With just one click RoboForm will navigate to a Web site, enter your username and password and click the submit button for you. Completing long registration or checkout forms is also a breeze. Simply click on your RoboForm Identity and RoboForm fills-in the entire form for you. You no longer need to remember all your passwords. You remember one Master Password, and RoboForm remembers the rest. This allows you to use stronger passwords, making your online experience more secure. RoboForm uses strong AES encryption for complete data security. The all new RoboForm comes with Chrome and Safari browser support, iPhone/iPad and Android support, as well a brand new RoboForm Everywhere license for use on unlimited computers and mobile devices. RoboForm 9.7.5 changelog: Prepared for the upcoming RoboForm browser extension with New Auth. Download: RoboForm 9.7.5 | 42.1 MB (Free, paid upgrade available) View: RoboForm Website Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • NTLite 2025.06.10460 is out.
    • I understand. I am not talking about benchmarks at all, even though I probably should look into those too - I just mean historically Vivaldi was a rather sluggish chromium browser when in use compared to other chromium browsers. I am always willing to give it additional tries whenever performance improvements are mentioned in the patch notes.
  • Recent Achievements

    • One Year In
      Vladimir Migunov earned a badge
      One Year In
    • One Month Later
      daelos earned a badge
      One Month Later
    • Week One Done
      daelos earned a badge
      Week One Done
    • Mentor
      Karlston went up a rank
      Mentor
    • One Month Later
      EdwardFranciscoVilla earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      494
    2. 2
      snowy owl
      252
    3. 3
      +FloatingFatMan
      250
    4. 4
      ATLien_0
      225
    5. 5
      +Edouard
      181
  • Tell a friend

    Love Neowin? Tell a friend!