2.9 Security

The Remote Desktop Services protocols include security features for creating secure end-to-end connections between mutually authenticated RDP clients and RD Session Host servers, and for protecting the privacy and integrity of the data exchanged over those connections by means of encryption. The security mechanisms that provide secure end-to-end communication for basic connections and virtual channels are described in [MS-RDPBCGR] section 5. For UDP datagram validation, see [MS-RDPEUDP] section 5. RDP multitransport connections use TLS (SSL) for the reliable UDP transport and DTLS for the unreliable (lossy) UDP transport; in both cases the transport layer provides data encryption and server certificate validation. In addition, there are general implementation-specific restrictions relating to some of the components of the Remote Desktop Services protocols, as detailed in the following sections.

In multitransport connections, the client authenticates to the server by presenting, in the Tunnel Create Request PDU, the security cookie that the server previously provided to the client over the secure main RDP connection, as defined in [MS-RDPBCGR] section 2.2.2. Because the cookie is delivered only over the already-protected main connection, only the client that holds that connection can present it on the new UDP transport; the server therefore binds the tunnel to the existing session by checking the cookie rather than by re-running user authentication.
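The following is an added example, not code from the specification or from any Microsoft implementation, showing the server-side bookkeeping a practitioner would want around the security cookie: random issuance bound to a requestID, a constant-time comparison, single use so a captured Tunnel Create Request cannot be replayed, and an expiry so a cookie that is never consumed does not stay valid indefinitely. The payload layout used here (4-byte requestID, 4 reserved bytes, 16-byte securityCookie, little-endian) follows [MS-RDPEMT]; the tunnel header is omitted, and the lifetime value, the class and function names, and the replay/expiry policy are this example's own assumptions rather than requirements of the protocol.

```python
"""Added example (not part of the specification): issuing and verifying the
16-byte securityCookie that authenticates a client's Tunnel Create Request
on an RDP multitransport (UDP) connection. Payload layout follows
[MS-RDPEMT]; lifetime, single-use and constant-time-compare policy are
assumptions of this example."""
import hmac
import secrets
import struct
import time

COOKIE_LEN = 16
# requestID (uint32 LE), reserved (uint32 LE), securityCookie (16 bytes)
TUNNEL_CREATE_REQUEST = struct.Struct("<II16s")
COOKIE_LIFETIME_S = 30.0  # assumption: how long an unconsumed cookie stays valid


class MultitransportAuthenticator:
    """Server-side state for securityCookie-based tunnel authentication."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # requestID -> (cookie, deadline)

    def issue(self, request_id: int) -> bytes:
        """Generate the cookie the server sends in its Initiate Multitransport
        Request over the already-secured main RDP connection."""
        cookie = secrets.token_bytes(COOKIE_LEN)  # 128 bits: guessing is infeasible
        self._pending[request_id] = (cookie, self._now() + COOKIE_LIFETIME_S)
        return cookie

    def verify(self, pdu: bytes) -> bool:
        """Validate a Tunnel Create Request received over the TLS/DTLS-protected
        UDP transport. Returns True and retires the cookie on success."""
        if len(pdu) != TUNNEL_CREATE_REQUEST.size:
            return False  # malformed: wrong payload size
        request_id, _reserved, presented = TUNNEL_CREATE_REQUEST.unpack(pdu)
        entry = self._pending.get(request_id)
        if entry is None:
            return False  # requestID never issued, or its cookie already consumed
        expected, deadline = entry
        if self._now() > deadline:
            del self._pending[request_id]
            return False  # stale cookie: client must be re-issued one
        if not hmac.compare_digest(expected, presented):
            # Wrong cookie. Keep the pending entry so a bad guess cannot lock
            # out the genuine client; the 128-bit cookie defeats brute force.
            return False
        del self._pending[request_id]  # single use: any replay now fails
        return True


def build_tunnel_create_request(request_id: int, cookie: bytes) -> bytes:
    """Client side: serialize the Tunnel Create Request payload."""
    return TUNNEL_CREATE_REQUEST.pack(request_id, 0, cookie)


def demo() -> dict:
    """Constructed exchange: one genuine request, one forgery, one replay,
    one request with a requestID the server never issued."""
    auth = MultitransportAuthenticator()
    cookie = auth.issue(request_id=1)
    genuine = build_tunnel_create_request(1, cookie)
    forged = build_tunnel_create_request(1, bytes(COOKIE_LEN))
    return {
        "forged_first": auth.verify(forged),   # wrong cookie -> False
        "genuine": auth.verify(genuine),       # -> True
        "replay": auth.verify(genuine),        # cookie retired -> False
        "unknown_id": auth.verify(build_tunnel_create_request(2, cookie)),  # -> False
    }


if __name__ == "__main__":
    print(demo())
```

The cookie does not need to be secret from the network on the new transport, because that transport is itself TLS- or DTLS-protected; what matters is that it was generated unpredictably and delivered only over the main connection, and that the server refuses to accept it twice.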