Sun Microsystems VERSION 3.1.0_BETA2 user manual RDP encryption, Vrdp multiple connections

Models: VERSION 3.1.0_BETA2

7 Alternative front-ends; remote virtual machines

7.4.6 RDP encryption

RDP features data stream encryption, which is based on the RC4 symmetric cipher (with keys up to 128 bits). The RC4 keys are replaced at regular intervals (every 4096 packets).

RDP provides three different authentication methods:

1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks to verify the identity of the server it connects to. Since user credentials can be obtained using a man-in-the-middle (MITM) attack, RDP4 authentication is insecure and should generally not be used.

2. RDP5.1 authentication employs a server certificate for which the client possesses the public key. This way it is guaranteed that the server possesses the corresponding private key. However, as this hard-coded private key became public some years ago, RDP5.1 authentication is also insecure and cannot be recommended.

3. RDP5.2 authentication is based on TLS 1.0 with customer-supplied certificates. The server supplies a certificate to the client which must be signed by a certificate authority (CA) that the client trusts (for the Microsoft RDP Client 5.2, the CA has to be added to the Windows Trusted Root Certificate Authorities database). VirtualBox allows you to supply your own CA and server certificate and uses OpenSSL for encryption.

While VirtualBox supports all of the above, only RDP5.2 authentication should be used in environments where security is a concern. The client that connects to the server determines what type of encryption will be used; with rdesktop, the Linux RDP viewer, use the -4 or -5 options.
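
The following is an added example, not taken from the manual: one way to create the customer-supplied CA and server certificate that RDP5.2 authentication relies on, using the OpenSSL command line, and to check that the server certificate chains to the CA the client will be told to trust. The directory layout, file names, subject names, key size and digest are assumptions of this example; how the files are handed to the VRDP server is not shown here.

```shell
#!/bin/sh
# Added example (not from the manual). File names and subjects are constructed.

# Create a private CA plus a server certificate signed by it in directory $1.
make_vrdp_certs() {
    dir="$1"
    mkdir -p "$dir" || return 1

    # 1. CA private key and self-signed CA certificate. The CA certificate is
    #    what the client must trust (e.g. imported into its trusted root store).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example VRDP CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca_cert.pem" 2>/dev/null || return 1

    # 2. Server private key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=vrdp-host.example" \
        -keyout "$dir/server_key.pem" -out "$dir/server_req.pem" 2>/dev/null || return 1

    # 3. The CA signs the request, producing the server certificate.
    openssl x509 -req -in "$dir/server_req.pem" -sha256 -days 365 \
        -CA "$dir/ca_cert.pem" -CAkey "$dir/ca_key.pem" -CAcreateserial \
        -out "$dir/server_cert.pem" 2>/dev/null || return 1

    # Private keys must not be readable by other users.
    chmod 600 "$dir/ca_key.pem" "$dir/server_key.pem"
}

# Succeeds only if certificate $2 chains to the CA certificate $1.
# This is the check a TLS client performs before trusting the server.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage:
#   make_vrdp_certs ./vrdp-certs &&
#   chain_ok ./vrdp-certs/ca_cert.pem ./vrdp-certs/server_cert.pem && echo trusted
```

A server certificate verified against any CA other than the one that signed it fails the check, which is the property RDP4 and RDP5.1 authentication lack in practice.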

7.4.7 VRDP multiple connections

The VirtualBox built-in RDP server supports simultaneous connections to the same running VM from different clients. All connected clients see the same screen output and share a mouse pointer and keyboard focus. This is similar to several people using the same computer at the same time, taking turns at the keyboard.

The following command enables multiple connection mode:

VBoxManage modifyvm VMNAME --vrdpmulticon on

If the guest uses multiple monitors then multiple connection mode must be active in order to use them at the same time (see chapter 9.7, Multiple monitors for the guest, page 143).
