Remote Desktop is not secure. Myth.

So I've been wrong for a while now about something. I always bought into the common assumption that Remote Desktop Protocol (RDP) is insecure. It actually is relatively secure. It is secure enough to keep your connections to Windows-based computers safe from prying eyes and other threats. Waddaya know? Apparently for me, the answer is "nothing" eh.

Anyway. While I was doing some research into the matter I found several comments by Microsoft fan-boys that RDP was good enough to use. Forums in the tech community were filled with these comments. So I had to find out more about this and I did. I found several articles that support these comments.

One of the features of RDP is its use of RC4 encryption, the same type of encryption sometimes used for SSL, Kerberos and a few other technologies. Of course, you should always make sure that both computers you are connecting have the latest and greatest RDP client, and you must follow other standard security procedures like using safe passwords.

There's a slight chance that someone may set up a "man-in-the-middle" attack and try to decrypt your information. But seriously? You think someone actually wants to go through the hassle of setting up this attack? It's expensive, time-consuming, and usually reserved for multimillion-dollar corporations or millionaires. Kurt, one of the bloggers I found talking about RDP, put it best:

To give you an idea of the sophistication we're talking about, this hacking technique is usually reserved for attacking eCommerce sites like eBay & financial institutions like Bank of America to intercept credit cards & passwords. If someone is in fact truly attempting to use this technique against you and your computer, it's not random: You or your organization is probably important enough (or rich enough) that skimping paying $50/year for LogMeIn Pro, $200/year for GoToMyPC, or whatever support service you might otherwise be using isn't exactly your first priority. Remember: This is your Mom we're talking about... not freakin' Bill Gates.

I know that security through obscurity can be a fool's errand, but you could try changing the port RDP runs on so you can prevent any automatic scripted attacks, or use some sort of port translation on your firewall, if you're connecting to a computer across the internet. With that said, go forth and RDP into your home computer till you get sick of it. As far as the concerns for security with RDP, I think it's OK to use it.
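A quick audit of the RDP listener settings behind the points above (listening port, encryption level, man-in-the-middle exposure), as an added example that is not from the original post. The function name Test-RdpListener and the sample values are made up for illustration; the registry value names are the standard ones on the Windows RDP-Tcp listener.

```powershell
# Added example (not from the original post): report RDP listener settings
# that relate to the port, encryption and man-in-the-middle points above.
$RdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpListener {   # hypothetical helper name
    param([Parameter(Mandatory)] $Settings)   # object carrying the RDP-Tcp values

    $findings = @()

    # PortNumber: 3389 is the default listener port.
    if ($Settings.PortNumber -eq 3389) {
        $findings += 'PortNumber is the default 3389'
    }
    # SecurityLayer: 0 = native RDP security, 1 = negotiate, 2 = TLS.
    # Anything below 2 lets a session use native RDP security, which does
    # not authenticate the server to the client.
    if ($Settings.SecurityLayer -ne 2) {
        $findings += "SecurityLayer=$($Settings.SecurityLayer): TLS is not enforced"
    }
    # MinEncryptionLevel: 1 = low, 2 = client compatible, 3 = high, 4 = FIPS.
    if ($Settings.MinEncryptionLevel -lt 3) {
        $findings += "MinEncryptionLevel=$($Settings.MinEncryptionLevel): below High"
    }
    # UserAuthentication: 1 = Network Level Authentication required.
    if ($Settings.UserAuthentication -ne 1) {
        $findings += 'UserAuthentication is not 1: NLA is not required'
    }
    $findings
}

# Constructed sample values, so the check can be tried on any machine.
$sample = [pscustomobject]@{
    PortNumber         = 3389
    SecurityLayer      = 1
    MinEncryptionLevel = 2
    UserAuthentication = 0
}
'Sample listener:'
Test-RdpListener -Settings $sample

# On a Windows host, evaluate the live listener configuration as well.
if (Test-Path $RdpTcp) {
    'This machine:'
    Test-RdpListener -Settings (Get-ItemProperty -Path $RdpTcp)
}
```

An empty result for a listener means none of the four checks fired.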
