How secure is RDP?

I believe that TeamViewer is a proxy service for tunnelled VNC connections. Hence, the first security consideration with regard to that service is that it is MITM'ed by design. There have been suggestions that the service was compromised a couple of months ago.

(Note that although VNC uses encryption, the entire exchange is not, by default, encapsulated - but it's trivial to set up an SSL/SSH/VPN tunnel.)

The next consideration is that it means installing third-party software on your systems - but then if you're running a Microsoft platform then you're already running software from multiple vendors which is probably not covered by your patch management software; keeping software up to date is one of the most effective means of protecting your systems.

As long as your RDP connection is using SSL, it should be at least as secure as TeamViewer, and IMHO, a lot more so.


Edit: According to the comments there seems to be a combination of configuration options in the enterprise edition of TeamViewer which might reduce my concerns. Since I have never used those, I cannot give an assessment about those and how well they work. According to the comments it might be a buggy solution.

I am a server admin (Windows and Linux) and I would block any attempt to install TeamViewer on the servers for the following reasons:

  • all data travel over a trusted (?) third-party server and this is on the internet: why should I trust them? Are you sure there is no security hole that lets someone on the data path attack the systems? Do I trust that their servers don't get compromised?
  • it depends on the internet: network/internet problems are more likely to disable the ability to remote admin the systems
  • third-party closed source software with proprietary (undocumented?) protocol: should I trust them and that their protocol is secure?
  • I don't know about user/rights management for TeamViewer but this might also be a problem. As far as I know, TeamViewer gives you the screen of the currently logged-in user, which might give problems with audits (which person did a certain action?) and user rights (the person connecting gets the rights of the previously connected user). I hope everybody has their own user on the server and doesn't use the same (maybe even administrator!) user.

To me, there are too many red flags.

Our servers are in an isolated subnet where the firewall/switch only allows preconfigured ports in and allows users to connect with VPN to this subnet with their username/password. We follow a defence-in-depth approach: only certain groups get the privilege to connect to the VPN with their user. Inside the VPN, they can use RDP or SSH. If there should be a security vulnerability in RDP, the attacker would first need access to VPN or LAN. This would mean they would be either our IT staff (which a company must trust to some degree), get access to VPN or physical access or hack one of the servers. Physical access means breaking into the datacenter; if this happens, there are bigger worries. The same goes for someone of the IT staff going postal. If they breach one of the servers, they would also need a privilege escalation vulnerability to attack because they are locked-down accounts. For VPN access, they would need a vulnerability in the VPN or get the account of someone with VPN privileges.

And all of this only in the case that there is an RDP vulnerability. Most likely only an attacker classified as an advanced persistent threat (APT), which is to say someone using sophisticated techniques to target your specific system in a sustained attack, would have a 0-day exploit for RDP and it is more likely that such an attacker would be able to use easier methods/vulnerabilities in other software.
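Added example (not part of the answer above): a small audit of a firewall allow-list for the layout the answer describes, flagging any rule that lets SSH or RDP in from a source outside the VPN range. The address ranges, rule names and rule tuple format are constructed for illustration, and the check assumes a default-deny policy where each allow rule stands on its own (no first-match ordering).

```python
import ipaddress

# Assumed (constructed) addressing: VPN clients are handed addresses in 10.8.0.0/24.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample rules: (name, source CIDR, (first port, last port), action)
SAMPLE_RULES = [
    ("vpn-rdp",      "10.8.0.0/24",    (3389, 3389), "allow"),
    ("vpn-ssh",      "10.8.0.0/24",    (22, 22),     "allow"),
    ("public-https", "0.0.0.0/0",      (443, 443),   "allow"),
    ("legacy-rdp",   "0.0.0.0/0",      (3389, 3389), "allow"),  # RDP open to the internet
    ("office-any",   "192.168.0.0/16", (1, 65535),   "allow"),  # port range hides 22 and 3389
    ("old-block",    "203.0.113.0/24", (3389, 3389), "deny"),
]


def audit(rules, vpn_net=VPN_NET):
    """Return (rule, service, source) for allow rules that expose an
    admin port to any source address outside the VPN range."""
    findings = []
    for name, src, (lo, hi), action in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        # The rule is acceptable only if every source address is inside the VPN range.
        if src_net.subnet_of(vpn_net):
            continue
        for port in sorted(ADMIN_PORTS):
            if lo <= port <= hi:
                findings.append((name, ADMIN_PORTS[port], src))
    return findings


if __name__ == "__main__":
    for rule, service, src in audit(SAMPLE_RULES):
        print(f"{rule}: {service} reachable from {src} without the VPN")
```

A port-range rule such as the constructed `office-any` is the case most easily missed in a manual review, because neither 22 nor 3389 appears in it literally.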


In addition to the other great answers, TeamViewer offers less physical security because it requires that the screen is unlocked in order to facilitate a remote session.

That is, anyone walking past a keyboard and monitor of a remotely administered session can observe it and possibly take over the session should the remote user not be paying attention.

Note, it appears possible to blank the screen after installation of a display driver; however, this has to be done on each connection, leaving a window of opportunity.

Also, you are now trusting the security of the TeamViewer screen blanking rather than the security of the Windows lock screen - make sure that you are comfortable with that.