- Jul 20, 2011
- 53
- 1
- 71
I am thinking of setting up RDC on my parent's computer as a way to access their PC remotely. I am attracted to the idea that it is a pay-one-price solution and tightly integrated into the operating system. Host computer would be Windows 7 Professional. Client computer would be Windows 7 Home Premium. Host is behind an old Linksys wired router. Client is behind a newer Dlink wired/wireless router. On the host will check the option "Allow connection with computers running Remote Desktop with network level authentication (more secure)." Windows Firewall and Windows Security Essentials are enabled on both ends.
I read a number of posts dated years ago, that RDC and it's protocol Remote Desktop Protocol are vulnerable to man-in-the-middle attacks. Wikipedia still says this. David Pogue advocates setting up a VPN and first connecting to the VPN and then connecting to the remote desktop. The first commenter to this Help Desk Geek article mentions a VPN, SSH, and PuTTY solution.
1) Is Win 7 RDC still vulnerable to MITM attacks without a VPN?
2) Will setting up a VPN reduce vulnerability to "prudent" levels?
By "prudent" levels I mean within days / weeks of setting up hackers are not trying to crack my parent's password, have hijacked their hard drive, and stolen their identity. I realize there is no such thing as "invulnerable." My parents are generally careful, are aware of the concept of phishing, do not click on unknown links, and do not install software (i.e. "screensavers").
I read a number of posts dated years ago, that RDC and it's protocol Remote Desktop Protocol are vulnerable to man-in-the-middle attacks. Wikipedia still says this. David Pogue advocates setting up a VPN and first connecting to the VPN and then connecting to the remote desktop. The first commenter to this Help Desk Geek article mentions a VPN, SSH, and PuTTY solution.
1) Is Win 7 RDC still vulnerable to MITM attacks without a VPN?
2) Will setting up a VPN reduce vulnerability to "prudent" levels?
By "prudent" levels I mean within days / weeks of setting up hackers are not trying to crack my parent's password, have hijacked their hard drive, and stolen their identity. I realize there is no such thing as "invulnerable." My parents are generally careful, are aware of the concept of phishing, do not click on unknown links, and do not install software (i.e. "screensavers").