Securing Remote Desktop (RDP) for System Administrators
Archived: 2026-04-05 16:20:16 UTC
How secure is Windows Remote Desktop?
Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by
listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier
versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle
attack(link is external). 
Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7, Windows 8, Windows 10,
Windows 11, and Windows Server 2003/2008/2012/2016/2019/2022/2025. *Some systems listed are no longer
supported by Microsoft and therefore do not meet Campus security standards.  If unsupported systems are
still in use, a security exception is required.
While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire
session, any time Administrator access to a system is granted remotely there are risks. The following tips will help
to secure Remote Desktop access to both desktops and servers that you support.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License(link is
external).
Source: https://security.berkeley.edu/node/94
https://security.berkeley.edu/node/94
Page 1 of 1