Remote Desktop Protocol (RDP) is a secure network communications protocol developed by Microsoft. RDP is designed for remote management and for remote access to virtual desktops, applications and RDP terminal servers.
RDP allows network administrators to remotely diagnose and resolve problems that individual users encounter. To use RDP, the network administrator runs RDP client software, and the individual user's machine runs RDP server software.
RDP works by providing users with a graphical interface that allows them to connect to another computer remotely. RDP works over many different types of network technologies.
RDP is available for most versions of the Windows operating system, and RDP for Apple macOS is also an option. An open source implementation is available as well. RDP is an extension of the ITU-T T.128 application sharing protocol.
Features and functions
RDP is secure and interoperable, and it enables network terminals. RDP creates secure, encrypted connections between clients and servers, virtual machines and virtual desktops. RDP works across different Windows operating systems and devices, and it supports strong physical security because data is stored remotely on the server rather than on the user's device.
Noteworthy properties of RDP include:
- smart card authentication
- bandwidth reduction
- the ability to use multiple displays
- the ability to disconnect temporarily without logging off
- RemoteFX – virtualized GPU support
- 128-bit RC4 encryption for mouse and keyboard data
- audio redirection – audio from the remote desktop is redirected to the user's computer
- file system redirection – local files can be redirected to and used on the remote desktop
- printer redirection – local printers can be used in remote desktop sessions
- port redirection – applications in the remote desktop session can access local ports
- shared clipboard between the local and remote computers
- applications on a remote desktop can be run on the local computer
- with Windows Server 2008, a front-end IIS server can accept connections for back-end Terminal Services servers
- Transport Layer Security (TLS) support
RDP can support up to 64,000 independent channels for data transmission. Data can be encrypted using 128-bit keys. The bandwidth reduction feature optimizes the data transfer rate in low-speed connections.
How the remote desktop protocol works
Remote users connect securely over a network to servers and virtual machines. Different types of data are carried over multiple, separate channels.
RDP is designed to provide remote access through port 3389. An RDP-enabled application or service packages the data to be transmitted, and the Microsoft Communications Service directs that data to an RDP channel. From there, the operating system encrypts the RDP data and adds it to a frame so that it can be transmitted.
The Terminal Server Device Redirector Driver handles all RDP protocol activity. This driver is made up of subcomponents such as the RDP driver (Wdtshare.sys), which handles user interfaces, transfers, encryption, compression and framing. The transport driver (Tdtcp.sys) is responsible for packaging the protocol in such a way that allows it to be sent across a TCP/IP network.
It is generally recommended that administrators and end users only use RDP when it is absolutely necessary. Furthermore, it should be run at the lowest level of privilege possible. When running RDP, it’s important to follow RDP best practices to prevent security issues.
The protocol has presented some security issues in the past. Early versions contained a vulnerability that allowed an RDP session to fall victim to a man-in-the-middle attack, through which the attacker could gain unauthorized access. Historically, RDP has also been susceptible to pass-the-hash attacks and computer worms. Though less effective, brute-force attacks may also be launched against RDP.
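Brute-force attempts against RDP leave a visible trace in the Windows Security log: repeated failed logons (event ID 4625) with logon type 10 (RemoteInteractive) from the same source address. The following PowerShell is an added example, not code from the original article: `Get-FailedRdpLogons` reads those events from the live log, and `Find-RdpBruteForce` flags any source that exceeds a failure threshold inside a sliding time window. The function names, threshold and window defaults, and the sample records are assumptions constructed for this example; the event ID, logon type and event-data field names (`TargetUserName`, `IpAddress`, `LogonType`) are the standard Windows ones.

```powershell
# Added example (not from the original article): detect bursts of failed
# RemoteInteractive (RDP) logons per source address from Security event 4625.
# The sample records at the bottom are constructed so the logic runs offline.

function Get-FailedRdpLogons {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    # Event 4625 = failed logon. LogonType 10 = RemoteInteractive (RDP/Terminal Services).
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            if ($d['LogonType'] -eq '10') {
                [pscustomobject]@{
                    Time   = $_.TimeCreated
                    User   = $d['TargetUserName']
                    Source = $d['IpAddress']
                }
            }
        }
}

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] $Events,   # objects with Time, User, Source
        [int]$Threshold = 10,             # failures ...
        [int]$WindowMinutes = 5           # ... within this many minutes
    )
    $Events | Group-Object Source | ForEach-Object {
        $sorted = $_.Group | Sort-Object Time
        $window = [System.Collections.Generic.Queue[datetime]]::new()
        $hit = $false
        foreach ($e in $sorted) {
            $window.Enqueue($e.Time)
            # Drop timestamps that fell out of the sliding window.
            while ($window.Peek() -lt $e.Time.AddMinutes(-$WindowMinutes)) { [void]$window.Dequeue() }
            if ($window.Count -ge $Threshold) { $hit = $true; break }
        }
        if ($hit) {
            [pscustomobject]@{
                Source   = $_.Name
                Failures = $_.Count
                Users    = ($_.Group.User | Sort-Object -Unique) -join ','
            }
        }
    }
}

# Constructed sample: 12 failures from one address within 3 minutes (should be
# flagged) and 2 widely spaced failures from another (should not).
$t0 = Get-Date '2024-01-01 10:00:00'
$sample = @()
1..12 | ForEach-Object { $sample += [pscustomobject]@{ Time = $t0.AddSeconds(15 * $_); User = "user$($_ % 3)"; Source = '203.0.113.7' } }
1..2  | ForEach-Object { $sample += [pscustomobject]@{ Time = $t0.AddMinutes(20 * $_); User = 'alice';          Source = '198.51.100.9' } }

Find-RdpBruteForce -Events $sample -Threshold 10 -WindowMinutes 5 | Format-Table

# Against the live log instead (requires rights to read the Security log):
# Find-RdpBruteForce -Events (Get-FailedRdpLogons -Since (Get-Date).AddHours(-24))
```

Only the 203.0.113.7 source is reported. A sliding window is used rather than a plain count so that slow, spread-out failures from a legitimate user do not trip the same rule as a rapid burst.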
Newer versions of RDP are far more secure. More recent Windows operating systems contain a mechanism for specifying which users are allowed to access the system through an RDP session. There is also an option to refuse any remote connection that does not use Network Level Authentication (NLA).
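The controls described in this section (whether remote access is enabled, whether NLA is required, and which users may connect) are visible in the registry, the local group membership and the firewall. The following PowerShell is an added example, not code from the original article: `Get-RdpHardeningReport` collects those settings into one object and lists findings, and `Enable-RdpNla` enforces the NLA requirement. The function names and the findings wording are assumptions made for this example; the registry keys under `Terminal Server`, the `Remote Desktop Users` group, the `Remote Desktop` firewall rule group and the `Win32_TSGeneralSetting` WMI class are standard Windows components. Run it from an elevated session.

```powershell
# Added example (not from the original article): audit and enforce the RDP
# access controls the text describes. Requires an elevated PowerShell session.

function Get-RdpHardeningReport {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $deny = (Get-ItemProperty $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $sec  = (Get-ItemProperty $tcp -Name SecurityLayer      -ErrorAction SilentlyContinue).SecurityLayer
    $enc  = (Get-ItemProperty $tcp -Name MinEncryptionLevel -ErrorAction SilentlyContinue).MinEncryptionLevel

    $secName = switch ($sec) { 0 { 'RDP' } 1 { 'Negotiate' } 2 { 'TLS' } default { 'unknown' } }
    $encName = switch ($enc) { 1 { 'Low' } 2 { 'ClientCompatible' } 3 { 'High (128-bit)' } 4 { 'FIPS' } default { 'unknown' } }

    # Accounts allowed to connect in addition to local Administrators.
    $users = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name

    # Enabled inbound rules of the built-in "Remote Desktop" group and their remote-address scope.
    $fw = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = ($addr -join ',') }
        }

    $findings = @(
        if ($deny -eq 0 -and $nla -ne 1) { 'NLA is not required: unauthenticated clients reach the logon screen' }
        if ($deny -eq 0 -and $sec -ne 2) { 'Security layer is not TLS' }
        if ($fw | Where-Object { $_.RemoteAddress -eq 'Any' }) { 'RDP is reachable from any address; scope the firewall rule' }
    )

    [pscustomobject]@{
        RemoteDesktopEnabled = ($deny -eq 0)   # fDenyTSConnections: 1 = remote connections refused
        NlaRequired          = ($nla -eq 1)    # UserAuthentication: 1 = NLA required
        SecurityLayer        = $secName
        MinEncryptionLevel   = $encName
        RemoteDesktopUsers   = $users
        OpenInboundRules     = $fw
        Findings             = $findings
    }
}

function Enable-RdpNla {
    # Same effect as the "Allow connections only from computers running Remote
    # Desktop with Network Level Authentication" setting in System Properties.
    $setting = Get-CimInstance -Namespace 'root\CIMV2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    Invoke-CimMethod -InputObject $setting -MethodName SetUserAuthenticationRequired `
        -Arguments @{ UserAuthenticationRequired = 1 } | Out-Null
}

Get-RdpHardeningReport | Format-List
# To enforce NLA after reviewing the report: Enable-RdpNla
```

The report is read-only; only `Enable-RdpNla` changes state, and it affects new connections rather than sessions already established.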