I don't know if this is [still] true or not but I've heard that RDP, regardless of server, uses the same key for encryption and even though you use high encryption for the RDP session, because that key is already known, someone could decrypt the traffic (gain your username and password). Most people will RDP through a VPN tunnel or create a website with an RDP ActiveX control on it that is accessed over HTTPS. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, March 08, 2006 5:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: RDP SERVER http://www.ISAserver.org Either...your choice. Lots of security concerns with RDP......it's up to you to decide if it's secure enough for you. ________________________________ From: Raj [mailto:rajkishore.upadhyay@xxxxxxxxx] Sent: Wednesday, March 08, 2006 6:39 AM To: ISA Mailing List Subject: [isalist] RE: RDP SERVER http://www.ISAserver.org how shall I add as computer set or address range........... Guide me............ IS there any other security conceren related with RDP server On 3/8/06, Steve Moffat <steve@xxxxxxxxxx> wrote: http://www.ISAserver.org <http://www.isaserver.org/> yes ________________________________ From: Raj [mailto:rajkishore.upadhyay@xxxxxxxxx] Sent: Wednesday, March 08, 2006 5:52 AM To: ISA Mailing List Subject: [isalist] RDP SERVER http://www.ISAserver.org <http://www.isaserver.org/> can we make a rule on the ISA 2004 so that we could that the ISA will handle on the incoming request from a particular IP or a network..