7 Alternative
– On Linux hosts, VRDPAuth.so authenticates users against the host’s PAM system.
– On Windows hosts, VRDPAuth.dll authenticates users against the host’s WinLogon system.
In other words, the “external” method by default performs authentication with the user accounts that exist on the host system. Any user with valid authentication credentials is accepted, i.e. the username does not have to correspond to the user running the VM.
However, you can replace the default “external” authentication module with any other module. For this, VirtualBox provides a
• Finally, the “guest” authentication method performs authentication with a special component that comes with the Guest Additions; as a result, authentication is not performed with the host users, but with the guest user accounts. This method is currently still in testing and not yet supported.
7.4.5 RDP encryption
RDP features data stream encryption, which is based on the RC4 symmetric cipher (with keys up to 128 bits). The RC4 keys are replaced at regular intervals (every 4096 packets).
RDP provides three different authentication methods:
1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to. Since user credentials can be obtained using a man-in-the-middle (MITM) attack, RDP4 authentication is insecure and should generally not be used.
2. RDP5.1 authentication employs a server certificate for which the client possesses the public key. This way it is guaranteed that the server possesses the corresponding private key. However, as this
3. RDP5.2 authentication is based on TLS 1.0 with
While VirtualBox supports all of the above, only RDP5.2 authentication should be used in environments where security is a concern. As the client that connects to the server determines what type of encryption will be used, with rdesktop, the Linux RDP viewer, use the
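
Because the client's choice decides the security layer, it helps to confirm what a session actually negotiated. The following is an added example, not part of the VirtualBox manual: it parses the server's X.224 Connection Confirm from a packet capture and reports whether TLS or legacy RC4-based RDP security was selected. It assumes the server follows the standard RDP negotiation structures (RDP_NEG_RSP / RDP_NEG_FAILURE) from Microsoft's MS-RDPBCGR specification; the function name and the sample bytes are constructed for illustration.

```python
import struct

# selectedProtocol values in RDP_NEG_RSP, per Microsoft's MS-RDPBCGR specification.
PROTOCOLS = {
    0x0: "standard RDP security (RC4 stream encryption)",
    0x1: "TLS",
    0x2: "CredSSP over TLS",
    0x8: "CredSSP over TLS with early user authorization",
}
RDP_NEG_RSP, RDP_NEG_FAILURE = 0x02, 0x03


def classify_connection_confirm(pdu: bytes) -> dict:
    """Report which security layer the server chose in its X.224 Connection Confirm."""
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT-framed PDU")
    (tpkt_len,) = struct.unpack(">H", pdu[2:4])
    if tpkt_len != len(pdu):
        raise ValueError("TPKT length does not match the captured bytes")
    if pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]  # bytes after the 4-byte TPKT and 7-byte X.224 headers
    if not neg:
        # No negotiation block: the session uses legacy RDP security only.
        return {"security": PROTOCOLS[0x0], "tls": False, "note": "no negotiation data"}
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    neg_type, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad negotiation length field")
    if neg_type == RDP_NEG_FAILURE:
        return {"security": None, "tls": False, "note": f"server refused, failure code {value}"}
    if neg_type != RDP_NEG_RSP:
        raise ValueError(f"unexpected negotiation type 0x{neg_type:02x}")
    name = PROTOCOLS.get(value, f"unknown protocol 0x{value:x}")
    return {"security": name, "tls": value in (0x1, 0x2, 0x8), "note": "RDP_NEG_RSP"}


# Constructed sample PDUs (not captured from a real server).
SAMPLE_TLS = bytes.fromhex("030000130ed00000123400" "0200080001000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")
SAMPLE_REFUSED = bytes.fromhex("030000130ed00000123400" "0300080002000000")

if __name__ == "__main__":
    for label, pdu in [("tls", SAMPLE_TLS), ("legacy", SAMPLE_LEGACY), ("refused", SAMPLE_REFUSED)]:
        print(label, classify_connection_confirm(pdu))
```

A result with `tls` set to `False` on a session that was expected to be protected by TLS indicates the client fell back to, or asked for, the older RC4-based security layer.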