PCI compliance: using SSL as transport layer for RDP (Terminal Service)
- by Crashalot
My client failed her PCI compliance audit. The server supports Remote Desktop (Terminal Service) but only provides encryption and not authentication. This exposes the server to Man-In-The-Middle attacks.
The supposed solution is to force SSL as the transport layer for RDP.
Anyone know how to do this?
The server runs Windows 2003.