i remotely connect to my work via an ipsec vpn and use rdp to connect to the
workplaces terminal server. its extremely fast and is impressive by anybodies
standards.
however as with all ipsec's, they need configuring at both endpoints. pptp
isn't the answer here either as it requires setting up at the client end. ssl
is a so;ution to the problem but requires extra hardware/software.
what i'm after is a zero cost & zero configuration on the client side ie a
raw rdp connection from any xp client. this obviously opens up the PC on the
firewall on 3389 to external connections.
my question? how safe is this? i've configured an account lockout policy and
enforced strong passwords.
any help would be appreciated.

The native RDP data stream is encrypted. See this reference for details...

http://tinyurl.com/8bvj

Personally I run RDP through a SSH tunnel for added security (I also use a
private/public key pair w/strong pass phrase for authentication) and its
easy to access more than one RDP host through the tunnel.

I think I would stick with the IPSec VPN if you have it up and running and
RDP is working through it...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"louisXXX" <louisXXX@discussions.microsoft.com> wrote in message
news:05147EB5-F1F8-4059-9CB4-3396FEA30605@microsoft.com...
>i remotely connect to my work via an ipsec vpn and use rdp to connect to
>the
> workplaces terminal server. its extremely fast and is impressive by
> anybodies
> standards.
> however as with all ipsec's, they need configuring at both endpoints. pptp
> isn't the answer here either as it requires setting up at the client end.
> ssl
> is a so;ution to the problem but requires extra hardware/software.
> what i'm after is a zero cost & zero configuration on the client side ie a
> raw rdp connection from any xp client. this obviously opens up the PC on
> the
> firewall on 3389 to external connections.
> my question? how safe is this? i've configured an account lockout policy
> and
> enforced strong passwords.
> any help would be appreciated.

When you keep the host updated then, the man in the middle security attack
is what you should be concerned about .If you follow Mr. Sooner's advice
about secure tunnelling then that will take care of that hole.

Other than that the man in the middle threat, RDP is pretty secure when
configured with some of things you alluded to, strong password, user policy,
lockout policy, logging etc. ect.

"louisXXX" <louisXXX@discussions.microsoft.com> wrote in message
news:05147EB5-F1F8-4059-9CB4-3396FEA30605@microsoft.com...
>i remotely connect to my work via an ipsec vpn and use rdp to connect to
>the
> workplaces terminal server. its extremely fast and is impressive by
> anybodies
> standards.
> however as with all ipsec's, they need configuring at both endpoints. pptp
> isn't the answer here either as it requires setting up at the client end.
> ssl
> is a so;ution to the problem but requires extra hardware/software.
> what i'm after is a zero cost & zero configuration on the client side ie a
> raw rdp connection from any xp client. this obviously opens up the PC on
> the
> firewall on 3389 to external connections.
> my question? how safe is this? i've configured an account lockout policy
> and
> enforced strong passwords.
> any help would be appreciated.

thanks for the replies. the reason i ask is because i want to connect via any
xp pc eg i am at my friends house etc. and do not have the luxury of an ssh
tunnel, ipsec etc
regards
louis

"Sooner Al [MVP]" wrote:

> The native RDP data stream is encrypted. See this reference for details...
>
> http://tinyurl.com/8bvj
>
> Personally I run RDP through a SSH tunnel for added security (I also use a
> private/public key pair w/strong pass phrase for authentication) and its
> easy to access more than one RDP host through the tunnel.
>
> I think I would stick with the IPSec VPN if you have it up and running and
> RDP is working through it...
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "louisXXX" <louisXXX@discussions.microsoft.com> wrote in message
> news:05147EB5-F1F8-4059-9CB4-3396FEA30605@microsoft.com...
> >i remotely connect to my work via an ipsec vpn and use rdp to connect to
> >the
> > workplaces terminal server. its extremely fast and is impressive by
> > anybodies
> > standards.
> > however as with all ipsec's, they need configuring at both endpoints. pptp
> > isn't the answer here either as it requires setting up at the client end.
> > ssl
> > is a so;ution to the problem but requires extra hardware/software.
> > what i'm after is a zero cost & zero configuration on the client side ie a
> > raw rdp connection from any xp client. this obviously opens up the PC on
> > the
> > firewall on 3389 to external connections.
> > my question? how safe is this? i've configured an account lockout policy
> > and
> > enforced strong passwords.
> > any help would be appreciated.
>
>
>

> thanks for the replies. the reason i ask is because i want to connect via
any
> xp pc eg i am at my friends house etc. and do not have the luxury of an
ssh
> tunnel, ipsec etc
> regards
> louis

If you cannot trust security of their computer, then you are insecure.
They might have keylogger installed, without even being aware.

Travel with your own computer (laptop?).