04-01-2008 12:38 PM - edited 03-11-2019 05:25 AM
Hi All,
Sorry for the off-topic but I come from a Unix environment so I am more familiar with SSH than Microsoft Remote Desktop Protocol (RDP).
I noticed that with Win2003 Service Pack 1, Microsoft Windows 2003 RDP supports RDP with FIPS compliance. Does it mean that it is now considered "safe" to use RDP (aka terminal service) over the Internet?
Comments anyone? Thanks.
04-01-2008 02:21 PM
That's really your call. FIPS compliance means that MS now supports one of the supported encryption algorithms.
RDP communications are encrypted using 128-bit RC4 encryption. Once a client initiates a connection and is informed of a successful invocation of the terminal services stack at the server, it loads up the device as well as the keyboard/mouse drivers. The UI data received over RDP is decoded and rendered as UI, whereas the keyboard and mouse inputs to the window hosting the UI are intercepted by the drivers and transmitted over RDP to the server. It also creates the other virtual channels and sets up the redirection. RDP communication can be encrypted using either low, medium or high encryption. With low encryption, only the channels transferring sensitive information like passwords are encrypted. With medium encryption, UI packets are encrypted as well. And with high encryption, keyboard/mouse inputs are also scrambled.
04-01-2008 02:27 PM
Let me "rephrase" my question:
When I use SSH in Linux, I also set the Ciphers to AES256 with SHA-1, which I consider to be very secure for communicating over the Internet. I am very comfortable with this method.
Now Windows users want to do the same thing with RDP. What I've read from Microsoft RDP is that it is FIPS compliant and that the RDP client has to be at least version RDP 5.2 or higher (6.0) to connect to the Windows 2003 Server with Service Pack 2.
I am trying to find out if this FIPS compliance is as secure as AES256/SHA-1.
As far as the operation goes, I have FIPS working between a Windows XP box running RDP version 6.0 connecting to a Windows 2003 Server Service Pack 2 configured with FIPS.
Any ideas? Thanks.
04-01-2008 02:33 PM
You'll have to compare the encryption algorithms between FIPS-198 w/SHA-1 and AES256.
FIPS Publications