|
Posted by Miha Pihler [MVP] on July 21, 2006, 9:11 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
There are few things you can do to make these connections (more) secure:
- On the server set the encryption to high
- On Windows Server 2003 with SP1 installed on it you can use certificates
to prevent MITM (Man In The Middle) attacks.
Now the only thing that I usually worry about when considering RDP are key
loggers that might be installed on a computer from which you are trying to
connect to your server (e.g. if you are trying to connect to your server
from cyber café). Still this is not only the problem with RDP connection but
with any remote connection using static username and password.
So if you decide for this option pay attention to username and password (use
strong username and password and change passwords frequently). Don't use
domain administrator account for connection - use ordinary user account.
Whenever possible this user account should not even be local administrator
on the server. Once you are connected to the server you can raise your
permissions using another RDP to the server or options such as "run as" etc.
Another thing to consider is to limit IP address from which you can connect
to your server over RDP (e.g. limit it to your home IP address only).
--
Mike
Microsoft MVP - Windows Security
>I have installed windows server 2003 enterprise edition. I have to manage
>my
> server from remote site. A solution with remote desktop only is very
> dangerous? Terminal service of windows server 2003 with encryption is not
> secure?
>
> Thank's
| 
XML site map