Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Vista

Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access

- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/13/2011 10:25:20 PM

Securing Network Traffic for Remote Desktop Protocol (RDP) Access

IPSec is used to secure network traffic between client and server computers, typically on the corporate LAN, or over the Internet between two LANs.

You also need to protect traffic when you connect to a computer using the Remote Desktop Protocol (RDP). RDP, which runs over port 3389, allows you to connect to an RDP server as if you were sitting in front of the local console on the remote server.

Alert

A Windows Vista computer can be the RDP server. This must be enabled on the Remote tab of the System properties, as displayed in Figure 9.

Figure 9. Remote Desktop Connections using RDP must be enabled in System properties. Users must be either Administrators or members of the Remote Desktop Users group.


By clicking Select Users, you can add users to the Remote Desktop Users group.

RDP traffic is encrypted by default, and the RDP client must authenticate to the RDP server. However, the strength of the encryption can be increased, and mutual authentication of RDP client and server can be implemented. You do this on a Windows Vista computer in the Local Security Policy or by GPO in an Active Directory environment.

To set a required encryption strength, you configure the Set Client Encryption level setting.

The available settings are as follows:

  • High Level— Requires the use of 128-bit keys for encryption. If the RDP server cannot do 128-bit encryption, the RDP connection fails.

  • Low Level— Allows the use of 56-bit keys for encryption. Use this setting if the RDP server cannot use 128-bit keys for encryption.

  • Client Compatible— Negotiates for 128-bit keys first and rolls down to 56-bit keys if the RDP server cannot use 128-bit keys.

To require mutual authentication, you can configure the Require Use of Specific Security Layer for Remote (RDP) Connections setting. This implements SSL (Transport Layer Security, or TSL, 1.0) mutual, certificate-based authentication of the RDP client and the RDP server.

As shown in Figure 10, the available settings are as follows:

  • Negotiate— Tries TLS 1.0 mutual authentication. If this fails, this setting rolls down to use RDP authentication of the client only.

  • RDP— Authenticates the client to the RDP server only. Use this setting if the RDP server cannot perform TLS 1.0 authentication.

  • SSL (TLS 1.0)— Requires both the client and RDP server to use TLS 1.0 authentication. If either end of the connection cannot use TLS 1.0 to authenticate, the connection fails.

    Figure 10. Configuring RDP security or SSL (TLS 1.0) security for your RDP connection.

 Alert

To summarize, the strongest settings for using the Remote Desktop Protocol to connect to a Windows Vista computer are to require 128-bit key strength on the encryption setting and require SSL (TLS 1.0) for mutual, certificate-based authentication on the security layer for RDP connections.

Other -----------------
- Windows Update (part 4) - Troubleshooting Updates
- Windows Update (part 3) - Windows Server Update Services Server (WSUS)
- Windows Update (part 2) - Automatic Updates
- Windows Update (part 1) - Manual Updates
- Windows Defender and Other Defenses Against Malware
- Windows Firewall
- Troubleshoot Security Configuration Issues (part 2) - Securing Data in Storage with Encrypting File System & Securing Computers with the Security Configuration and Analysis Tool
- Troubleshoot Security Configuration Issues (part 1) - The Windows Security Center & Securing the Operating System and Data in Storage with BitLocker
- Configure and Troubleshoot Security for Windows Internet Explorer 7 (part 4) - Digital Certificates
- Configure and Troubleshoot Security for Windows Internet Explorer 7 (part 3) - Cookie-Handling & ActiveX Opt-In
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server