Microsoft Remote Desktop Protocol (RDP) and FIPS compliance

Apr 1st, 2008

Hi All,

Sorry for the off-topic, but I come from a Unix environment so I am more familiar with SSH than Microsoft Remote Desktop Protocol (RDP).

I noticed that with Win2003 Service Pack 1, Microsoft Windows 2003 RDP supports RDP with FIPS compliance. Does it mean that it is now considered "safe" to use RDP (aka terminal service) over the Internet?

Comments anyone? Thanks.

Collin Clark Tue, 04/01/2008 - 14:21

That's really your call. FIPS compliance means that MS now supports one of the supported encryption algorithms.

RDP communications are encrypted using 128-bit RC4 encryption. Once a client initiates a connection and is informed of a successful invocation of the terminal services stack at the server, it loads up the device as well as the keyboard/mouse drivers. The UI data received over RDP is decoded and rendered as UI, whereas the keyboard and mouse inputs to the window hosting the UI are intercepted by the drivers and transmitted over RDP to the server. It also creates the other virtual channels and sets up the redirection. RDP communication can be encrypted using either low, medium or high encryption. With low encryption, only the channels transferring sensitive information like passwords are encrypted. With medium encryption, UI packets are encrypted as well. And with high encryption, keyboard/mouse inputs are also scrambled.

cisco24x7 Tue, 04/01/2008 - 14:27

Let me "rephrase" my question:

When I use SSH in Linux, I also set the Ciphers to AES256 with SHA-1, which I consider to be very secure for communicating over the Internet. I am very comfortable with this method.

Now Windows users want to do the same thing with RDP. What I've read from Microsoft RDP is that it is FIPS compliant and that the RDP client has to be at least version RDP 5.2 or higher (6.0) to connect to the Windows 2003 Server with Service Pack 2. I am trying to find out if this FIPS compliance is as secure as AES256/SHA-1.

As far as the operational side goes, I have FIPS working between a Windows XP box running RDP version 6.0 connecting to a Windows 2003 Server Service Pack 2 configured with FIPS.

Any ideas? Thanks.
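An added example, not part of the thread or any poster's code: a small audit that reads a `reg export` of a terminal server and reports which encryption level its RDP listener enforces, so a "configured with FIPS" claim can be checked per host. The registry locations (`MinEncryptionLevel` on the `RDP-Tcp` listener and under the Terminal Services policy key), the level names and the policy-over-listener precedence are assumptions taken from Microsoft's documentation, not from the posts above; the sample exports are constructed.

```python
import re

# Assumed meaning of MinEncryptionLevel, per Microsoft's Terminal Services docs.
LEVELS = {1: "Low", 2: "Client Compatible", 3: "High", 4: "FIPS Compliant"}
# Assumed registry locations (not quoted in the thread).
LISTENER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"

def parse_reg(text):
    """Parse `reg export` text into {key_lower: {value_lower: int}} (DWORDs only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit_rdp_encryption(text):
    """Return (effective_level_name, is_fips, source) for the RDP listener."""
    keys = parse_reg(text)
    # A Group Policy value, when present, takes precedence over the listener's own.
    for source, path in (("policy", POLICY), ("listener", LISTENER)):
        level = keys.get(path.lower(), {}).get("minencryptionlevel")
        if level is not None:
            return LEVELS.get(level, f"unknown ({level})"), level == 4, source
    return "not set", False, "none"

# Constructed sample exports (not taken from a real host).
SAMPLE_FIPS = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d
"MinEncryptionLevel"=dword:00000004
'''
SAMPLE_OVERRIDE = SAMPLE_FIPS + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"MinEncryptionLevel"=dword:00000002
'''

if __name__ == "__main__":
    for name, sample in (("fips", SAMPLE_FIPS), ("override", SAMPLE_OVERRIDE)):
        print(name, audit_rdp_encryption(sample))
```

Real `reg export` files are UTF-16 encoded, so decode them before passing the text in.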
