Weekly quickTIP

Another RDP Hack

If you're gonna try my RDP hack in Vista, here are a few things to keep in mind.

• By Greg Shields
• 04/16/2007

However, RDP in versions of Windows prior to Windows Vista all suffer from a major security problem. It's a problem with the architecture and how RDP initiates a connection. Think about how you connected to RDP in older versions: You enter in the name of the server into your Remote Desktop Client. Then, when you click Connect you get a screen asking for a login. That's bad because you've successfully achieved an open connection to the remote server, but you haven't authenticated to it yet!

This process is actually the reverse of how most properly secured services work. First, you authenticate to the service. Then, you get access to see it and work with it.

So Windows Vista introduces the concept of Network Level Authentication (NLA). This twist on the old authentication process reverses the order to where it should be. In Windows Vista, before you see the screen of the remote system, you are prompted for a username and password. Only until you've entered that information and successfully authenticated does the remote server fully open the connection.

To enable NLA for RDP on a Vista machine, right-click on Computer, then Properties, then Advanced system settings, then the Remote tab. Click the radio button next to Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure).

The version of the Remote Desktop Client that comes with Vista supports NLA. If you want to use it on a Windows XP machine, you'll need to download Remote Desktop Connection 6.0 from the Microsoft Web site.