RDC Security

[David P. Lurie]

What is the current encryption and authentication protocol used by RD (I
assume RD and RD Web Connection are the same), and is it equivalent to
current OpenSSH from Cygwin (3.7.1p2-2), using SSH2?

I usually use RD from home to office through a VPN tunnel, such that the
office router doesn't have to forward 3389 and/or 80. The coprocessors on
the VPN routers (linksys) are fast enough that performance degradation
through the VPN tunnel c/w direct isn't enough to risk opening 3389 on the
office router.

Future needs require office access from elsewhere via RD or RDWC, which will
require 3389 (and 80 for RDWC) forwarded on the office router.

If RD/RDWC is less secure than SSH2, RDWC with TCP port forwarding (80 and
3389) via an SSH2 tunnel with PuTTY from remote clients may be feasible.
However, I'm concerned that the overhead from the software-only SSH2 tunnel
will be higher.

Thanks,

David P. Lurie

 

[Bill Sanderson]

RSA RC4 128bit key

http://www.microsoft.com/technet/tr...echnol/win2kts/evaluate/featfunc/rdpfperf.asp

(with unpatched Windows 2000 servers, it could be a lower keystrength--with
XP it will be 128 bit, unless policy on the host end has been modified to
set a lower keystrength.)

I don't know what OpenSSH uses.

 

[David P. Lurie]

RSA RC4 128bit key

Thanks,

I thought it would be at least 128 bit, so I'll probably just use RDC.
OpenSSH uses the same encryption protocols as the commercial SSH products,
but 128 bit encryption is sufficient for my requirements.

David P. Lurie

 

[Bill Sanderson]

If you want better, I believe IPSEC VPN's can be configured with stronger
encryption, but this takes some work at both ends--and you'd then run RDP
within the VPN tunnel. RDP uses the same encryption as a PPTP VPN, but you
do gain some additional security by running within the VPN tunnel.