
6 rdp encryption, 7 vrdp multiple connections, Rdp encryption – Sun Microsystems VIRTUALBOX VERSION 3.1.0_BETA2 User Manual


7 Alternative front-ends; remote virtual machines

7.4.6 RDP encryption

RDP features data stream encryption, which is based on the RC4 symmetric cipher
(with keys up to 128 bits). The RC4 keys are replaced at regular intervals (every
4096 packets).

RDP provides three different authentication methods:

1. Historically, RDP4 authentication was used, with which the RDP client does not
   perform any checks in order to verify the identity of the server it connects to.
   Since user credentials can be obtained using a man in the middle (MITM) attack,
   RDP4 authentication is insecure and should generally not be used.

2. RDP5.1 authentication employs a server certificate for which the client possesses
   the public key. This way it is guaranteed that the server possesses the
   corresponding private key. However, as this hard-coded private key became public
   some years ago, RDP5.1 authentication is also insecure and cannot be recommended.

3. RDP5.2 authentication is based on TLS 1.0 with customer-supplied certificates.
   The server supplies a certificate to the client which must be signed by a certificate
   authority (CA) that the client trusts (for the Microsoft RDP Client 5.2, the CA
   has to be added to the Windows Trusted Root Certificate Authorities database).
   VirtualBox allows you to supply your own CA and server certificate and uses
   OpenSSL for encryption.

While VirtualBox supports all of the above, only RDP5.2 authentication should be
used in environments where security is a concern. The client that connects to the
server determines what type of encryption will be used; with rdesktop, the Linux RDP
viewer, use the -4 or -5 options.
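
The trust check that RDP5.2 authentication relies on, as an added example that is not part of the VirtualBox manual: it creates a private CA and a server certificate with the openssl command line and shows that the certificate is accepted only against the CA that signed it. File names, common names and function names are constructed; configuring VirtualBox to use the files is not shown.

```shell
#!/bin/sh
# Added example: build a private CA and a server certificate, then run the
# check an RDP 5.2 (TLS) client performs: does the server certificate chain
# to a CA in the client's trust store? All names below are constructed.

make_ca() {  # $1 = output prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_server_cert() {  # $1 = CA prefix, $2 = server prefix, $3 = host name
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 90 -out "$2.pem" 2>/dev/null
}

client_trusts() {  # $1 = CA certificate the client trusts, $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {  # prints the verdict against the signing CA, then an unrelated CA
    dir=$(mktemp -d) || return 1
    make_ca "$dir/ca" "Example VRDP CA" &&
    make_ca "$dir/other" "Unrelated CA" &&
    issue_server_cert "$dir/ca" "$dir/server" "vmhost.example" ||
        { rm -rf "$dir"; return 1; }
    if client_trusts "$dir/ca.pem" "$dir/server.pem"; then
        result="trusted"
    else
        result="rejected"
    fi
    # A client that only trusts some other CA must refuse the same certificate;
    # this is the identity check that RDP4 authentication lacks.
    if client_trusts "$dir/other.pem" "$dir/server.pem"; then
        result="$result trusted"
    else
        result="$result rejected"
    fi
    rm -rf "$dir"
    echo "$result"
}
```
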

7.4.7 VRDP multiple connections

The VirtualBox built-in RDP server supports simultaneous connections to the same
running VM from different clients. All connected clients see the same screen output
and share a mouse pointer and keyboard focus. This is similar to several people using
the same computer at the same time, taking turns at the keyboard.

The following command enables multiple connection mode:

VBoxManage modifyvm VMNAME --vrdpmulticon on

If the guest uses multiple monitors then multiple connection mode must be active
in order to use them at the same time (see chapter 9.7, Multiple monitors for the
guest, page 143).
