[Repost]: Help Re: Remote desktop access (TS) security

[John Smith]

Hi,

I have a question regarding password and remote communication.
If I access another computer remotely using the Remote Desktop client
without using VPN, will my username and password be sent in the clear to the
server and therefore liably intercepted by anyone on the Internet?
Could anyone please point me toward any article or reading materials that
may shed more light of this subject?

Please help. Much thanks.
~Js.

 

[GL]

The RDP protocol (Terminal Server) encrypts the data at adjustable levels.

If I recall the settings are as follows:
It can be configured for "Low" where only data sent to the server is
encrypted (I think at 56-bit), meaning your username and password for login
will be encrypted along with anything else sent to the server. It can be set
to "Medium" where data both to and from the server is encrypted (I think at
56-bit). Or it can be set to "High" where all traffic is encrypted at the
highest level supported by the client.

GL

 

[John Smith]

Thank you again.

The RDP protocol (Terminal Server) encrypts the data at adjustable levels.

If I recall the settings are as follows:
It can be configured for "Low" where only data sent to the server is
encrypted (I think at 56-bit), meaning your username and password for login
will be encrypted along with anything else sent to the server. It can be set
to "Medium" where data both to and from the server is encrypted (I think at
56-bit). Or it can be set to "High" where all traffic is encrypted at the
highest level supported by the client.

GL