But you claim that there’s plenty of vulnerabilities but can’t even name a single one. Or where to find a link to one?
Last edited by a moderator:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Why does Remote Desktop have a bad reputation?
- Thread starter naughtybehavior86
- Start date
- Sort by reaction score
The key here is I'm not trying to change your mind. Given the topic of the thread, I stated mine, that's it, end of story. You can state yours pretty simply too, but asking for proof outside the topic, sorry, not what i'm in the Mac Rumors forum for. (I'm here to mainly talk about and learn, you guessed it, Mac's!)
He's not in error that MS-RDP has had security vulnerabilities. CVE-2019-1181 and CVE-2019-1182 are two serious vulnerabilities which have affected MS-RDP. These two vulnerabilities are especially problematic in that the are unauthenticated RCE vulnerabilities.
The issue I have with his statement is that MS-RDP, by nature of what the service is, is any more susceptible to vulnerabilities / exploit than any other service.
Uh, did you happen to read the title of the thread?
"Why does Remote Desktop have a bad reputation?"
I don't think RDP is not good, it's excellent, no other remote desktop software that I use is faster. I just don't expose it to the internet, I keep it behind a VPN. I use it every day.
Last edited by a moderator:
Yes ,i'm read it . That's the main point ? Bad reputation not effecting work flow. If workflow effected, just use alternative. If no alternative, just use the dam Microsoft os directly.
Just out of curiosity, does anyone use non-standard port numbers for their servers, and is this helpful?
Years ago I found a script kiddie employing a password guesser pounding on my ssh server. I let them do it for over 40 days just to see if they'd guess my password. When I changed the ssh server's port to an unused and non-standard port, I lost the script kiddie and have never had a problem since. An advantage also is that using different nonstandard ports on different machines allows one to distinguish between them.
But I'm an old fart so probably this is not useful in today's world. Just curious what others do?
Years ago I found a script kiddie employing a password guesser pounding on my ssh server. I let them do it for over 40 days just to see if they'd guess my password. When I changed the ssh server's port to an unused and non-standard port, I lost the script kiddie and have never had a problem since. An advantage also is that using different nonstandard ports on different machines allows one to distinguish between them.
But I'm an old fart so probably this is not useful in today's world. Just curious what others do?
I always changed the port number, both for making them more obscure, and for working better with port forwarding. (If you're using one public address with multiple PC's.) It helps some for awhile, but they eventually find the port and the barrage resumes.
I've been using VNC for years as a way of exiling noisy fans. I now have a M1 MBA that runs a headless Mac Mini remotely. The Mini sits between two NAS units and provides a fast LAN service for heavy computation. Previously I used a self-build power machine running Win7.
I think you answered your own question. You changed the port and the activity stopped. This shows that doing so had some benefit to you. However it would apply to only the beginner hackers, anyone with any basic hacking skills would easily find the new port. Still if it cuts down on traffic to your server that's a win. Not only from a security perspective but a bandwidth consumption perspective as well.
With tools like Shodan.io cataloging everything on the Internet these kinds of tricks are really useless. If it stops a script kiddie from banging on the SSH port and doesn't have any side effects for you then why not.
As for differentiating different servers by port why don't you just differentiate them by name or IP address?
Yes, you are right. Advanced hackers will always find open ports. But perhaps many script kiddies aren't often that advanced.
And I thought Shodan.io charges a significant monthly fee for unlimited IP searches thus many script kiddies would not be using it. For home, I do run my own VPN and DNS services, and thus once logged in to my VPN I use DNS names for various machines. But by picking different ssh ports on different machines means that using port forwarding on my router allows me to quickly ssh to a particular machine from the internet without having to login to my VPN. For my case, not running servers on standard ports has saved bandwidth.
Shodan does charge considerable money for unlimited access. I was just saying that it is cataloging everything no matter what ports.
I've always liked RDP as the performance is quite good compared to VNC. People use VNC because it's free or cheap or they aren't running Windows. I also liked Oracle Secure Global Desktop but it's not free.
I would use it if Microsoft had a macOS server version. My use case is Windows desktop and I'd like to RDP into a macOS host. I have played around a lot with VNC and performance isn't good enough. My current use case is macOS next to Windows system with keyboard and mouse unified using Synergy.
I would use it if Microsoft had a macOS server version. My use case is Windows desktop and I'd like to RDP into a macOS host. I have played around a lot with VNC and performance isn't good enough. My current use case is macOS next to Windows system with keyboard and mouse unified using Synergy.