Travel can be scary, and with my first long-distance trip in many years coming up this weekend, I want to be sure I’m playing it safe. All the time I hear about fake wireless hotspots and all kinds of other hacks happening in airports and coffee shops. I’m pretty well versed in these tricks, and consider myself aware of most of the tricks and can protect myself. But I want to go the extra mile. I have a computer set up, in my house, which I can use Microsoft Remote Desktop to connect to. I have also created a VPN connection via that same home computer, if I want to use it. But setting this up created a series of questions for me. Foremost: is RDP encrypted?
The short answer is yes. Modern RDP is encrypted. If you’re using Windows Vista or newer, your remote desktop session will be encrypted by default. You can use TLS (SSL) if you feel the need for extra layers of security, but much like an Exchange server, if you do not provide an SSL certificate, your computer will create a self-signed certificate.
Self-Signed certificates can be a headache for some major corporations, but for the majority of home users, they are an elegant solution for increasing security, handled by Microsoft. As long as your computer is using that, you can rest assured that data between the remote computer that you will be connecting from, and the server computer that you will be connecting to is encrypted. While traveling, I intend to do my web browsing from my home computer, via RDP. To verify that your computer has created a self-signed SSL certificate, perform the following steps.
On the computer you will connect to:
- Click Start.
- Use Search Programs and Files and type MMC.
- When MMC.exe appears, press enter.
- Click File, then Add/Remove Snap-In.
- Click Certificates on the left, and the “Add” button in the center.
- On the window that pops up, select Computer Account, then click Next (screenshot above).
- Click Finish.
- Click OK.
- On the left, expand Certificates, then Remote Desktop, then look in Certificates subfolder.
- On the right, you should see an SSL certificate, and most likely the Issued To and Issued By fields will match, showing a self-signed certificate.
You may see an expiration date, but don’t worry about that. The system will reissue a new certificate long before that expiration date approaches.
This and other RDP Misconceptions are addressed in a 2009 article on MSDN.