|
![](/i/fill.gif) |
On 10/10/2011 06:06 PM, Darren New wrote:
> On 10/10/2011 3:15, Invisible wrote:
>> Have you ever tried explaining all that over the phone to somebody who
>> can't even work a mouse properly yet?
>
> Yep.
...and you don't think a set of instructions of this level of technical
complexity just *might* pose a little bit of a problem?
>> Of course, you would also need to poke a hole in the firewall for that to
>> work.
>
> No you don't.
So how do you connect to it if it's behind two hardware firewalls plus
the Windows Firewall?
>> And make sure I edit whatever settings it is necessary to turn on
>> encryption.
>
> It's encrypted by default.
Excuse my scepticism. None of the other Windows protocols are encrypted
by default, nor even provide the *option* of encryption...
>> And add a secure password. (The current admin password on the
>> machine is trivially breakable.)
>
> That's kind of stupid. You'd be better off with no admin password at all.
Well, yeah. Except that most things that ask you to log in as admin tend
not to work if the password is blank. (No, I have no idea why.) Still,
when it's impossible to log in at all unless you're in the building, it
doesn't really /matter/ how weak your passwords are. But if you're going
to open up access from the Internet, suddenly it really, really matters
how weak your passwords are!
>> ...or I could set up a *real* VPN, which is *actually* secure...
>
> What's insecure about RDP, other than you don't actually believe it's
> encrypted and/or you don't understand encryption?
Microsoft didn't bother to include any security whatsoever in the file
sharing protocol, the remote registry protocol, the printing protocol,
the name registration protocol, and even the user authentication
protocol is infamously weak. I'm just rather surprised that they
actually bothered to put any security into RDP, rather than making you
pay money for an extra security product.
I'd have more faith in something like TLS - a protocol actually designed
by security experts, who's only purpose for existing is to provide security.
Post a reply to this message
|
![](/i/fill.gif) |