Another RDP Hack
If you're gonna try my RDP hack in Vista, here are a few things to keep in mind.
- By Greg Shields
, we talked about how to hack RDP's default port to obfuscate
it from spying eyes. If the hackers aren't looking for RDP connections
on ports other than TCP port 3389, then they probably aren't going
to find them.
However, RDP in versions of Windows prior to Windows Vista all suffer
from a major security problem. It's a problem with the architecture
and how RDP initiates a connection. Think about how you connected to RDP
in older versions: You enter in the name of the server into your Remote
Desktop Client. Then, when you click Connect you get a screen asking for
a login. That's bad because you've successfully achieved an
open connection to the remote server, but you haven't authenticated
to it yet!
This process is actually the reverse of how most properly secured services
work. First, you authenticate to the service. Then, you get access to
see it and work with it.
So Windows Vista introduces the concept of Network Level Authentication
(NLA). This twist on the old authentication process reverses the order
to where it should be. In Windows Vista, before you see the screen of
the remote system, you are prompted for a username and password. Only
until you've entered that information and successfully authenticated
does the remote server fully open the connection.
Tech Help -- Just An
Got a Windows, Exchange or virtualization question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to the MCPmag.com editors
the best questions get answered in this column and garner
the questioner with a nifty Redmond T-shirt.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message, but submit the requested
information for verification purposes.)
To enable NLA for RDP on a Vista machine, right-click on Computer, then
Properties, then Advanced system settings, then the Remote tab. Click
the radio button next to Allow connections only from computers running
Remote Desktop with Network Level Authentication (more secure).
The version of the Remote Desktop Client that comes with Vista supports
NLA. If you want to use it on a Windows XP machine, you'll need to
Desktop Connection 6.0 from the Microsoft Web site.
Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.