Why does Remote Desktop have a bad reputation?

[naughtybehavior86]

I connected my M1 Air to my router via ethernet and did the same with my ThinkPad that has a Quadro RTX 5000. I am running SolidWorks through remote desktop on my M1 and I have to really try to tell there is a difference from being local on the ThinkPad.

Legit option for people who really want to be under the Apple ecosystem and use their MAC for everything. I have an XDR Pro Display coming soon and I can't wait to rip up SolidWorks on a damn XDR and M1 Air......insane.

I can also run a nice full blown IDE like Visual Studio instead of being such with VS Code.

Look into this if you need the horsepower of a Quadro GPU or just x86 programs in general. I know this isn't a new phenomenon but man I almost did not even try this route because of how horrible people complained about it.

What is also nice is because I have the ThinkPad in a different room I can actually keep the fan curves higher and run a lower SST like 80 or so if I am doing anything intensive.

Just throwing out some positive experience on remote desktop for those who may sound like they are a candidate for it.

 

[Significant1]

Didn't know it had a bad reputation. I works a lot better than Apple's screen sharing, because it is not limited to the screensize of the host machine.

 

[naughtybehavior86]

Didn't know it had a bad reputation. I works a lot better than Apple's screen sharing, because it is not limited to the screensize of the host machine.

Good point. I was able to go in and change the remote desktop resolution to match the resolution of my MAC.

 

[chrfr]

Good point. I was able to go in and change the remote desktop resolution to match the resolution of my MAC.

It's just "Mac."
Microsoft Remote Desktop works well, and has for years. I have never heard of it having a bad reputation. Microsoft's implementation is nothing like the way Remote Desktop/Screen Sharing works from a host Mac, so maybe that's what you've heard.
The biggest disadvantage of Microsoft Remote Desktop is that you're still running Windows and you're still running an entirely separate computer.

 

[4sallypat]

It's just "Mac."
Microsoft Remote Desktop works well, and has for years. I have never heard of it having a bad reputation. Microsoft's implementation is nothing like the way Remote Desktop/Screen Sharing works from a host Mac, so maybe that's what you've heard.
The biggest disadvantage of Microsoft Remote Desktop is that you're still running Windows and you're still running an entirely separate computer.

I'd agree on that - I always use Microsoft RD on my Macs to remote into PC servers on our work network.

Looks sharp, responsive, and works well together.

As soon as I am done, disconnect and back to the Mac

 

[bobcomer]

It has a bad reputation because it's been very hackable. You just don't expose it to the internet if you can help it. Inside a LAN is only okay if it's a trusted LAN, and that includes using VPN to get to that trusted LAN.

 

[m1maverick]

It has a bad reputation because it's been very hackable. You just don't expose it to the internet if you can help it. Inside a LAN is only okay if it's a trusted LAN, and that includes using VPN to get to that trusted LAN.

It's had some security vulnerabilities but I'm not sure I would consider it "very hackable". MS-RDP is typically blocked at the perimeter because security professionals feel that remote connections should be done through a VPN connection. This also applies to other forms of remote connectivity. IMO VPN devices have not proven to be any less likely to contain vulnerabilities compared to other forms of remote connectivity (such as MS-RDP or SSH).

I had an MS-RDP system, Windows 2008 Server, exposed to the Internet for many years and only removed it because the OS lost security patch support. It was never compromised. Likewise I have several Linux systems with SSH exposed to the Internet. None of those systems have been compromised either.

 

[bobcomer]

It really is quite hackable, especially before NLA. You're actually pretty lucky, but maybe you had your server before it became a fav target of the script kiddies. Before I went all VPN, a good 30% of the traffic over our internet connection was attempts at hacking RDP...

I don't do SSH outside the LAN at all so I can't comment on how hackable it might be.

 

[m1maverick]

It really is quite hackable, especially before NLA. You're actually pretty lucky, but maybe you had your server before it became a fav target of the script kiddies. Before I went all VPN, a good 30% of the traffic over our internet connection was attempts at hacking RDP...

I don't do SSH outside the LAN at all so I can't comment on how hackable it might be.

Can you provide details to support this statement?

 

[naughtybehavior86]

It really is quite hackable, especially before NLA. You're actually pretty lucky, but maybe you had your server before it became a fav target of the script kiddies. Before I went all VPN, a good 30% of the traffic over our internet connection was attempts at hacking RDP...

I don't do SSH outside the LAN at all so I can't comment on how hackable it might be.

I am in my residence through LAN would this not be secure as I have it now?

 

[bobcomer]

Can you provide details to support this statement?

I live it and learned as I go, but this article says a lot of what I know.

The Risks of Remote Desktop Access Are Far from Remote

RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.

www.darkreading.com

 

[bobcomer]

I am in my residence through LAN would this not be secure as I have it now?

As long as it's inside the LAN and you know you don't have any hackers also inside the LAN, you're pretty secure.

 

[naughtybehavior86]

As long as it's inside the LAN and you know you don't have any hackers also inside the LAN, you're pretty secure.

how about running Nord VPN on the client and host computer?

 

[chrfr]

how about running Nord VPN on the client and host computer?

If they’re both on your home network, there is zero benefit in doing this, and this would most likely prevent you from being able to connect from one computer to the other. A standard home network will not be exposing your Remote Desktop ports to the outside world and you have no reason to worry.

 

[bobcomer]

If they’re both on your home network, there is zero benefit in doing this, and this would most likely prevent you from being able to connect from one computer to the other. A standard home network will not be exposing your Remote Desktop ports to the outside world and you have no reason to worry.

Thanks for your clarification, you said it better than I did.

 

[naughtybehavior86]

Thanks you guys. Big help.

 

[m1maverick]

I live it and learned as I go, but this article says a lot of what I know.

The Risks of Remote Desktop Access Are Far from Remote

RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.

www.darkreading.com

What you provided isn't a weakness in the RDP protocol itself but rather a brute force, password guessing attack.

 

[bobcomer]

What you provided isn't a weakness in the RDP protocol itself but rather a brute force, password guessing attack.

That's just the easiest attack, and the bandwidth usage of those attacks are what I was mainly talking about, but there have also been several other vulnerabilities. I don't think there's any way I could give you a reference as I don't know of a single place to find them.

 

[m1maverick]

That's just the easiest attack, and the bandwidth usage of those attacks are what I was mainly talking about, but there have also been several other vulnerabilities. I don't think there's any way I could give you a reference as I don't know of a single place to find them.

Any service that requires a user ID and password can be brute force attacked. As for vulnerabilities RDP is no more / less likely to contain one than any other service. RDP has had vulnerabilities however I do not think any more than other service which are publicly exposed to the Internet.

If you want to look up vulnerabilities by product / manufacturer you can use something like CVE Details.

 

[bobcomer]

Any service that requires a user ID and password can be brute force attacked. As for vulnerabilities RDP is no more / less likely to contain one than any other service. RDP has had vulnerabilities however I do not think any more than other service which are publicly exposed to the Internet.

If you want to look up vulnerabilities by product / manufacturer you can use something like CVE Details.

You are very underestimating the vulnerability of RDP when it's exposed to the internet. It's not my job to convince you, but I know I have no RDP direct access from the internet, either here or at work, you can do what you want.

 

[naughtybehavior86]

is there a big security risk between remote desktop with two computers directly connected via ethernet versus both connected via ethernet to your xfinity router gateway? Both would be IPv4. Just ones is direct one is through your router.

I have mine going through the router so that I do not need a second ethernet cable for each PC for the internet.

 

[bobcomer]

is there a big security risk between remote desktop with two computers directly connected via ethernet versus both connected via ethernet to your xfinity router gateway? Both would be IPv4. Just ones is direct one is through your router.

I have mine going through the router so that I do not need a second ethernet cable for each PC for the internet.

That's all local LAN, so no, that's not vulnerable.

 

[m1maverick]

You are very underestimating the vulnerability of RDP when it's exposed to the internet. It's not my job to convince you, but I know I have no RDP direct access from the internet, either here or at work, you can do what you want.

I am a CISSP who does security risk management for a living. I don't need to look anything up because I live it, and have been doing so, for over 20 years. So if you want to make statements contrary to my area of expertise I would appreciate your explaining why I should put trust in them. I do not feel that's unreasonable, why you think so is puzzling.

 

[bobcomer]

I am a CISSP who does security risk management for a living. I don't need to look anything up because I live it, and have been doing so, for over 20 years. So if you want to make statements contrary to my area of expertise I would appreciate your explaining why I should put trust in them. I do not feel that's unreasonable, why you think so is puzzling.

It's part of what I do for a living too. As for reasonable, no -- I've lived it too, and I'm not about to go out and find references to every RDP vulnerability I had to protect against, that's all in the past. I fixed the problem by blocking our RDP direct access and putting it all behind a VPN. You want to convince me it's safe, you can't, and there's no way in hell that you can say the constant brute force attacks of open RDP servers is an insignificant event. 30% of traffic is HUGE.

 

[m1maverick]

It's part of what I do for a living too. As for reasonable, no -- I've lived it too, and I'm not about to go out and find references to every RDP vulnerability I had to protect against, that's all in the past. I fixed the problem by blocking our RDP direct access and putting it all behind a VPN. You want to convince me it's safe, you can't, and there's no way in hell that you can say the constant brute force attacks of open RDP servers is an insignificant event. 30% of traffic is HUGE.

If you're unwilling to provide proof RDP has more vulnerabilities than other, public facing services then why should I trust your statements that it is any more hackable? You made a claim and it is not unreasonable to expect you to support it. If you are unwilling to do so then I have no choice but to conclude you're not familiar enough with the subject matter and therefore dismiss your statements regarding such.

Furthermore I do not recall claiming that a constant brute force attack is insignificant. However it is no more significant than a brute force attack against other publicly exposed services.