Weekly quickTIP

Another RDP Hack

If you're gonna try my RDP hack in Vista, here are a few things to keep in mind.

Last time, we talked about how to hack RDP's default port to obfuscate it from spying eyes. If the hackers aren't looking for RDP connections on ports other than TCP port 3389, then they probably aren't going to find them.

However, RDP in versions of Windows prior to Windows Vista suffers from a major security problem. It's a problem with the architecture and how RDP initiates a connection. Think about how you connected to RDP in older versions: You enter the name of the server in your Remote Desktop Client. Then, when you click Connect, you get a screen asking for a login. That's bad because you've successfully opened a connection to the remote server, but you haven't authenticated to it yet!

This process is actually the reverse of how most properly secured services work. First, you authenticate to the service. Then, you get access to see it and work with it.

So Windows Vista introduces the concept of Network Level Authentication (NLA). This twist on the old authentication process reverses the order to where it should be. In Windows Vista, before you see the screen of the remote system, you are prompted for a username and password. Only after you've entered that information and successfully authenticated does the remote server fully open the connection.

To enable NLA for RDP on a Vista machine, right-click on Computer, then Properties, then Advanced system settings, then the Remote tab. Click the radio button next to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)."

The version of the Remote Desktop Client that comes with Vista supports NLA. If you want to use it on a Windows XP machine, you'll need to download Remote Desktop Connection 6.0 from the Microsoft Web site.
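One way to confirm from the network side that the NLA-only setting is really enforced is to look at the server's first reply in the RDP handshake. The following is an added example, not code from the original column: it parses an X.224 Connection Confirm as laid out in Microsoft's MS-RDPBCGR specification, and the function name, verdict labels and sample byte strings are constructed for illustration.

```python
import struct

# Constants from Microsoft's MS-RDPBCGR negotiation structures.
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL",
             2: "PROTOCOL_HYBRID", 8: "PROTOCOL_HYBRID_EX"}
NLA_PROTOCOLS = {2, 8}            # CredSSP-based security, i.e. NLA
HYBRID_REQUIRED_BY_SERVER = 5     # failure code: server insists on NLA

# Constructed sample replies (TPKT + X.224 Connection Confirm), not real captures.
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
SAMPLE_LEGACY_ACCEPTED = bytes.fromhex("030000130ed000001234000200080000000000")
SAMPLE_NO_NEGOTIATION = bytes.fromhex("0300000b06d00000123400")


def classify_confirm(data: bytes) -> tuple:
    """Classify a server's reply to a client that offered only legacy
    RDP security (requestedProtocols = 0). Returns (verdict, detail)."""
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT-framed X.224 packet")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        raise ValueError("TPKT length does not match the captured bytes")
    length_indicator, code = data[4], data[5]
    if code & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    # Negotiation data, if any, follows the 7-byte X.224 header.
    payload = data[11:5 + length_indicator]
    if not payload:
        return ("not_enforced", "no negotiation data: legacy RDP security only")
    if len(payload) != 8:
        raise ValueError("unexpected negotiation data length")
    msg_type, _flags, _length, value = struct.unpack("<BBHI", payload)
    if msg_type == TYPE_RDP_NEG_FAILURE:
        if value == HYBRID_REQUIRED_BY_SERVER:
            return ("enforced", "server refused a client that did not offer NLA")
        return ("refused_other", "negotiation failure code %d" % value)
    if msg_type == TYPE_RDP_NEG_RSP:
        name = PROTOCOLS.get(value, hex(value))
        if value in NLA_PROTOCOLS:
            return ("nla_selected", name)
        return ("not_enforced", "server accepted %s without NLA" % name)
    raise ValueError("unknown negotiation message type")


if __name__ == "__main__":
    for sample in (SAMPLE_NLA_REQUIRED, SAMPLE_LEGACY_ACCEPTED, SAMPLE_NO_NEGOTIATION):
        print(classify_confirm(sample))
```

A "nla_selected" verdict only shows that the server supports NLA when the client offers it; the "enforced" verdict, a refusal of a client that offered legacy security alone, is the one that shows the radio button took effect.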

About the Author

Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.
