I have SMS 2003 SP3, so I couldn't test SCCM specifically. However...

 

As far as I was aware, the level of RDP encryption is normally controlled by the maximum level supported by the RDP client software.  It can be enforced by GPO.

 

http://technet.microsoft.com/en-us/library/bb457106.aspx

http://technet.microsoft.com/en-us/library/bb457177.aspx

 

Remote Assistance and Remote Desktop both use RDP, so both are capable of encryption (128-bit).

 

As for SMS Remote Tools, it doesn't appear that Remote Control sends plain text, but if you use Remote Chat, it definitely does send plain text.  I did a packet capture during various tests, and found that the last byte on each packet for the Remote Chat traffic (destination port 2703) contained the character I typed in the chat window.

 

Also, NetMeeting isn't really a remote control option above XP and 2003.

 

As for other traffic, you can encrypt traffic from clients to management points. You can also use "https" for your reporting point.

 

Tom Watson
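The capture check described in the message above can be repeated on your own traffic to confirm whether chat text is exposed. This is an added example, not part of the original post: it takes raw Ethernet frames, keeps TCP payloads sent to port 2703, and joins the last byte of each. The function names and the sample frames are constructed for illustration; only the port number and the last-byte observation come from the post.

```python
import struct

CHAT_PORT = 2703  # destination port named in the post above

def tcp_payload(frame: bytes):
    """Return (dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                        # not IPv4/TCP over Ethernet
    tcp = 14 + (frame[14] & 0x0F) * 4      # skip the IPv4 header (IHL words)
    if len(frame) < tcp + 20:
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    dst_port = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    data_start = tcp + (frame[tcp + 12] >> 4) * 4
    # Slice to the IP total length so Ethernet padding is not read as data.
    return dst_port, frame[data_start:14 + total_len]

def trailing_text(frames, port=CHAT_PORT):
    """Join the last payload byte of each packet sent to `port`, if printable."""
    chars = []
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed and parsed[0] == port and parsed[1]:
            last = parsed[1][-1]
            if 0x20 <= last <= 0x7E:       # printable ASCII only
                chars.append(chr(last))
    return "".join(chars)

def make_frame(dst_port, payload, pad_to=60):
    """Constructed test frame: zeroed MACs and checksums, made-up addresses."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 50000, dst_port, 0, 0, 0x50, 0x18, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return frame + b"\x00" * max(0, pad_to - len(frame))

# Constructed sample: the 3-byte prefix is a placeholder, not the real format.
SAMPLE = [make_frame(CHAT_PORT, b"\x10\x00\x00" + bytes([c])) for c in b"hi"]
SAMPLE.append(make_frame(CHAT_PORT, b""))              # bare ACK, no payload
SAMPLE.append(make_frame(3389, b"\x03\x00\x00x"))      # other port, ignored

if __name__ == "__main__":
    print(repr(trailing_text(SAMPLE)))
```

If the returned string matches what was typed in the chat window during the capture, the chat text is crossing the network unencrypted.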

 

From: admin@lists.myITforum.com [mailto:admin@lists.myITforum.com] On Behalf Of Burke, John
Sent: 07 July 2009 19:24
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM Remote Control and Security - Data protected from Snoopers? Someone Who knows Security want to Help?

 

The more I see about this, the more things don't make sense. Lots of hits in Google about how NetMeeting does encryption but RDP is wide open (unless you set up certificates and so on).

 


From: admin@lists.myITforum.com [mailto:admin@lists.myITforum.com] On Behalf Of Burke, John
Sent: Tuesday, July 07, 2009 12:35 PM
To: mssms@lists.myitforum.com
Subject: [mssms] SCCM Remote Control and Security - Data protected from Snoopers? Someone Who knows Security want to Help?

Hi folks,

 

Security is asking me about RDP and so on as there are concerns about plain text transmissions even internally now.

 

I have to ask. If you are NOT in native mode using certificates to encrypt everything, is anything SMS does actually protected?

 

Remote Control - Is this data all sent plain text?

 

RDP - Is this sent plain text (assuming it's exactly the same as just calling RDP outside the console).

 

Remote Assistance - same question as above. Is this any different than simply calling Remote Assistance?

 

The security team is saying we should be using NetMeeting for all of this because at least it's encrypted.

 

I know very little about encryption... so these are probably all stupid questions.

