View Poll Results: How do you rate the security of Windows Remote Desktop?
| Option | Votes | Percentage |
| Suitable for MI6 | 0 | 0% |
| Suitable for a Company Network | 0 | 0% |
| Suitable for a Home Network | 2 | 40.00% |
| Wouldn't Touch it | 1 | 20.00% |
| Never used it or never heard of it... | 2 | 40.00% |
Voters: 5.
#1
How secure is Windows Remote Desktop
Right then, I'm considering setting up Windows Remote Desktop on my home network (that is connected to ADSL), all computers running XP, as this will help me sort problems....
But how secure is it? Can it easily be hacked from inside? From outside? Any advice would be appreciated, and it would also be great if you voted so we can get a visual idea.
Thanks
RF
#2
#3
Interesting article, thanks for that. I would also like to know forum members' opinions of the feature and also their experience..
Thanks
RF
#4
Quote:
Can't really form a solid opinion as I personally use the Wingate VPN product, which can be a pig to get running but has great security.
JonO
#5
Right, well at the mo I am just interested in using this across my network, but I would like to eventually use it to connect to my DB while on the road!!
Thanks for the reply. Anyone want to give their opinion......
Thanks
RF
#6
I would think that it is fine for a home network.

Effectively, to connect to your computer, anyone needs to enter a username and password in the client program (you'll find it in Start, All Programs, Accessories, Communications, Remote Desktop Connection). If you click the Options button you'll see a space for a username and password. By default, when you enable Remote Desktop, only Administrators are allowed access, unless you give extra users permission. This means that if someone was trying to hack into your computer, they would need to supply an admin username and password. I would want to make sure that all of the admin passwords were secure (with capitals, small letters, numbers and extra symbols etc.) before enabling it.

It would also be a good idea to set up a security policy. If I remember correctly from previous posts, you've got XP Pro, which is OK. In the Administrative Tools in the Control Panel, open up Local Security Policy. In the Account Settings, Password Policy, you can force users to change their passwords at regular intervals etc., and make sure that they meet complexity requirements. There's also a section Account Lockout Policy. If someone is trying to hack into your system, you can get the computer to automatically disable the account after, say, 3 invalid logon attempts. Also, in the Local Security Settings, if you expand Local Policies, Security Options, there's an entry "Accounts: Rename the Administrator account". It's a good idea to rename this, as otherwise a hacker will straightaway know the name of an administrator.

Finally, keep up to date with Windows Update and you should be fine.
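The password, lockout and rename settings described in post #6, written as a security template that `secedit` can import. This is an added example, not part of the original post; apart from the 3-attempt lockout threshold, every value, the file names and the replacement account name are assumptions chosen for illustration.

```ini
; rdp-hardening.inf  (constructed example; file name is an assumption)
; Apply from an administrator command prompt with:
;   secedit /configure /db rdp-hardening.sdb /cfg rdp-hardening.inf /areas SECURITYPOLICY

[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1

[System Access]
; --- Password Policy ---
; Require mixed character classes (upper, lower, digits, symbols).
PasswordComplexity = 1
; Illustrative minimum length and history depth.
MinimumPasswordLength = 8
PasswordHistorySize = 5
; Force a password change at regular intervals (days).
MaximumPasswordAge = 90

; --- Account Lockout Policy ---
; Lock the account after 3 invalid logon attempts (the figure used in the post).
LockoutBadCount = 3
; Minutes before the failed-attempt counter resets to zero.
ResetLockoutCount = 30
; Minutes the account stays locked before it unlocks by itself.
LockoutDuration = 30

; --- Security Options: "Accounts: Rename administrator account" ---
; Placeholder name; pick one that does not reveal the account's role.
NewAdministratorName = "placeholder-admin-name"
```

The same settings then appear in Local Security Policy under Password Policy, Account Lockout Policy and Security Options, where they can be reviewed after the template is applied.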
#7
Great, thanks very much for all that advice, I will start working through it to implement it.
One question: when you say that if they attempt three times it disables the account -- does that mean disables full stop!! How would I then resurrect that?? I presume by having an administrative account that is not remotely accessible, but could that not be hacked also??
Sorry for the questions!! Thanks very much for responding!!
RF
#8
As I stated in another post you had, I would connect via VPN then use the remote desktop through the encrypted tunnel; to me, having its ports listening out on the internet is asking for trouble. A cheap way would be to use a Linksys router with VPN capabilities, which runs about $100 or less. Your theory on changing passwords and such is always good practice, as well as renaming the administrator account. However, you are not connecting over SSL or anything encrypted, which means your username and password are in clear text passing through the internet. Who knows how many vulnerabilities could be lurking in remote desktop; to be honest, Microsoft can't even secure IE hehe.
Last edited by juniperr : March 20th, 2004 at 08:49 AM.
#9
Hehe, thanks for your post, you do make some good points. However, would these be relevant at this point, as I only want to use it over an internal network? Although, is it already set up to run over the internet?? How would I try to connect to it over the internet??
Thanks for your reply
RF
#10
If you are only using it on your internal network then it is fine by itself. I'd be more worried about the next guy on the internal network using Lopht over the network than having your remote desktop running. If you want to connect from the internet, that is where it becomes a problem and I would use a VPN. To connect to it from the internet, just enable port forwarding and open that port in the firewall. Although I just realized I'm making the assumption you have a router for internet access; if you have a modem then make sure you firewall the ports so it's not listening on the internet.
Last edited by juniperr : March 20th, 2004 at 10:05 AM.
#11
Right, thanks for the reply.
A couple of things: what is Lopht?? And so it is not automatically set up to be connected to by the internet!! Well, that is cool for now. Then when I come to want to do that I will look into your suggestion of a router a bit more!
Thanks
RF
#12
Lopht crack is in my opinion a prime example of Microsoft's lack of security hehe! It is actually a tool to test your passwords on a Microsoft network but is maliciously used to gain access to the network. Basically you can have it running on a PC and grab people's login information over the wire, or you can have it decrypt the SAM database, and there are other things it can do. I know people hated the Novell client but it gives you an encrypted login hehe.
#13