
Microsoft Remote Desktop Protocol (RDP) and FIPs compliant

cisco24x7
Level 6

Hi All,

Sorry for the off-topic but I come from a Unix environment so I am more familiar with SSH than Microsoft Remote Desktop Protocol (RDP).

I noticed that with Win2003 Service Pack 1, Microsoft Windows 2003 RDP supports RDP with FIPS compliance. Does it mean that it is now considered "safe" to use RDP (aka terminal service) over the Internet?

Comments anyone? Thanks.

3 Replies

Collin Clark
VIP Alumni

That's really your call. FIPS compliance means that MS now supports one of the supported encryption algorithms.

RDP communications are encrypted using 128-bit RC4 encryption. Once a client initiates a connection and is informed of a successful invocation of the terminal services stack at the server, it loads up the device as well as the keyboard/mouse drivers. The UI data received over RDP is decoded and rendered as UI, whereas the keyboard and mouse inputs to the window hosting the UI are intercepted by the drivers and transmitted over RDP to the server. It also creates the other virtual channels and sets up the redirection. RDP communication can be encrypted using either low, medium or high encryption. With low encryption, only the channels transferring sensitive information like passwords are encrypted. With medium encryption, UI packets are encrypted as well. And with high encryption, keyboard/mouse inputs are also scrambled.

Let me "rephrase" my question:

When I use SSH in Linux, I also set the Ciphers to AES256 with SHA-1, which I consider to be very secure for communicating over the Internet. I am very comfortable with this method.

Now Windows users want to do the same thing with RDP. What I've read from Microsoft RDP is that it is FIPS compliant and that the RDP client has to be at least version RDP 5.2 or higher (6.0) to connect to the Windows 2003 Server with Service Pack 2.

I am trying to find out if this FIPS compliance is as secure as AES256/SHA-1.

As far as the operational side goes, I have FIPS working between a Windows XP box running RDP version 6.0 connecting to a Windows 2003 Server Service Pack 2 configured with FIPS.

Any ideas? Thanks.

You'll have to compare the encryption algorithms between FIPS-198 w/SHA-1 and AES256.

FIPS Publications

http://csrc.nist.gov/publications/PubsFIPS.html
