Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access

3/13/2011 10:25:20 PM

Securing Network Traffic for Remote Desktop Protocol (RDP) Access

IPSec is used to secure network traffic between client and server computers, typically on the corporate LAN, or over the Internet between two LANs.

You also need to protect traffic when you connect to a computer using the Remote Desktop Protocol (RDP). RDP, which runs over port 3389, allows you to connect to an RDP server as if you were sitting in front of the local console on the remote server.

Alert

A Windows Vista computer can be the RDP server. This must be enabled on the Remote tab of the System properties, as displayed in Figure 9.

Figure 9. Remote Desktop Connections using RDP must be enabled in System properties. Users must be either Administrators or members of the Remote Desktop Users group.


By clicking Select Users, you can add users to the Remote Desktop Users group.

RDP traffic is encrypted by default, and the RDP client must authenticate to the RDP server. However, the strength of the encryption can be increased, and mutual authentication of RDP client and server can be implemented. You do this on a Windows Vista computer in the Local Security Policy or by GPO in an Active Directory environment.

To set a required encryption strength, you configure the Set Client Encryption level setting.

The available settings are as follows:

  • High Level — Requires the use of 128-bit keys for encryption. If the RDP server cannot do 128-bit encryption, the RDP connection fails.

  • Low Level — Allows the use of 56-bit keys for encryption. Use this setting if the RDP server cannot use 128-bit keys for encryption.

  • Client Compatible — Negotiates for 128-bit keys first and rolls down to 56-bit keys if the RDP server cannot use 128-bit keys.

To require mutual authentication, you can configure the Require Use of Specific Security Layer for Remote (RDP) Connections setting. This implements SSL (Transport Layer Security, or TLS, 1.0) mutual, certificate-based authentication of the RDP client and the RDP server.

As shown in Figure 10, the available settings are as follows:

  • Negotiate — Tries TLS 1.0 mutual authentication. If this fails, this setting rolls down to use RDP authentication of the client only.

  • RDP — Authenticates the client to the RDP server only. Use this setting if the RDP server cannot perform TLS 1.0 authentication.

  • SSL (TLS 1.0) — Requires both the client and RDP server to use TLS 1.0 authentication. If either end of the connection cannot use TLS 1.0 to authenticate, the connection fails.

Figure 10. Configuring RDP security or SSL (TLS 1.0) security for your RDP connection.

Alert

To summarize, the strongest settings for using the Remote Desktop Protocol to connect to a Windows Vista computer are to require 128-bit key strength on the encryption setting and require SSL (TLS 1.0) for mutual, certificate-based authentication on the security layer for RDP connections.
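The two settings above can be audited, and from an elevated prompt enforced, with PowerShell. This is an added example, not from the original article; it assumes that the Local Security Policy / GPO settings are stored as the MinEncryptionLevel and SecurityLayer values under the Terminal Services policy key, and that the RDP-Tcp listener key holds the effective values when no policy is set.

```powershell
# Added example; not from the original article. Assumed registry locations and value meanings:
#   MinEncryptionLevel: 1 = Low Level, 2 = Client Compatible, 3 = High Level, 4 = FIPS Compliant
#   SecurityLayer:      0 = RDP, 1 = Negotiate, 2 = SSL (TLS 1.0)
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'              # written by Local Security Policy / GPO
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'  # effective RDP-Tcp listener settings

$EncryptionNames = @{ 1 = 'Low Level'; 2 = 'Client Compatible'; 3 = 'High Level'; 4 = 'FIPS Compliant' }
$SecurityNames   = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

function Get-RdpSetting {
    param([Parameter(Mandatory = $true)][string]$Name)
    # A value set by policy overrides the listener's own value, so the policy key is checked first.
    foreach ($key in @($PolicyKey, $ListenerKey)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($item -and $null -ne $item.$Name) {
            return New-Object PSObject -Property @{ Name = $Name; Value = [int]$item.$Name; Source = $key }
        }
    }
    New-Object PSObject -Property @{ Name = $Name; Value = $null; Source = 'not set' }
}

function Test-RdpHardening {
    # Reports both settings and whether they meet the strongest combination described above:
    # High Level (128-bit) encryption plus the SSL (TLS 1.0) security layer.
    $enc = Get-RdpSetting -Name 'MinEncryptionLevel'
    $sec = Get-RdpSetting -Name 'SecurityLayer'
    $encName = 'not set (defaults to Client Compatible)'
    if ($null -ne $enc.Value) { $encName = $EncryptionNames[$enc.Value] }
    $secName = 'not set (defaults to Negotiate)'
    if ($null -ne $sec.Value) { $secName = $SecurityNames[$sec.Value] }
    New-Object PSObject -Property @{
        EncryptionLevel  = $encName
        EncryptionSource = $enc.Source
        SecurityLayer    = $secName
        SecuritySource   = $sec.Source
        MeetsStrongest   = ($enc.Value -ge 3) -and ($sec.Value -eq 2)
    }
}

function Set-RdpHardening {
    # Writes the two policy values, equivalent to setting them in Local Security Policy.
    # Needs an elevated prompt; existing RDP sessions keep their negotiated settings.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'MinEncryptionLevel' -Value 3 -Type DWord   # High Level
    Set-ItemProperty -Path $PolicyKey -Name 'SecurityLayer'      -Value 2 -Type DWord   # SSL (TLS 1.0)
}

Test-RdpHardening | Format-List
```

Run Test-RdpHardening first to see which key the current values come from; a value reported from the listener key rather than the policy key can be changed locally by an administrator and is not enforced by GPO.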
