5.1 Security Considerations for Implementers
For RPC over HTTP transport, it is recommended that authenticated RPC be used by this protocol, as specified in [C706] section 13.
The RDG server audits all tunnel (2) and channel connections to the target server. The RDG server determines which RDG clients are allowed to connect and which authentication service they use.
During tunnel creation for the main channel, the RDG server sends a nonce, represented by a GUID, that uniquely identifies the connection in order to prevent SoH replay attacks. The RDG client MUST send this GUID if it sends the SoH, as specified in section 2.2.9.2.1.4.
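A simplified server-side model of the nonce check described above, added here as an illustration and not taken from the specification or any RDG implementation. `TunnelNonceRegistry`, its method names and the tunnel identifiers are hypothetical, and the SoH is an opaque constructed byte string, not the wire format of section 2.2.9.2.1.4.

```python
import uuid


class TunnelNonceRegistry:
    """Hypothetical server-side state: one nonce GUID per tunnel, good for one SoH."""

    def __init__(self):
        # tunnel id -> nonce GUID issued at tunnel creation, still awaiting the SoH
        self._pending = {}

    def create_tunnel(self, tunnel_id):
        # A fresh random GUID for every tunnel creation, returned to the client.
        nonce = uuid.uuid4()
        self._pending[tunnel_id] = nonce
        return nonce

    def accept_soh(self, tunnel_id, echoed_nonce, soh_blob):
        """Accept the SoH only if it carries the GUID issued for this tunnel."""
        expected = self._pending.get(tunnel_id)
        if expected is None:
            return False  # unknown tunnel, or the nonce was already consumed
        if not isinstance(echoed_nonce, bytes) or len(echoed_nonce) != 16:
            return False  # not a 16-byte GUID
        if echoed_nonce != expected.bytes_le:
            return False  # GUID belongs to some other connection: replayed SoH
        if not soh_blob:
            return False  # nothing to evaluate
        del self._pending[tunnel_id]  # single use: a second submission fails
        return True


def demo():
    """Constructed scenario: one legitimate SoH, then two replay attempts."""
    server = TunnelNonceRegistry()
    soh = b"constructed-soh-bytes"  # placeholder payload, not a real SoH

    nonce_a = server.create_tunnel("tunnel-A")
    captured = (nonce_a.bytes_le, soh)  # what an observer of tunnel A would hold
    first = server.accept_soh("tunnel-A", *captured)

    same_tunnel_replay = server.accept_soh("tunnel-A", *captured)
    server.create_tunnel("tunnel-B")  # new connection gets a different GUID
    cross_tunnel_replay = server.accept_soh("tunnel-B", *captured)
    return first, same_tunnel_replay, cross_tunnel_replay


if __name__ == "__main__":
    print(demo())
```

Because the GUID is generated per tunnel creation and consumed on first use, an SoH captured from one connection is rejected both when resubmitted on the same tunnel and when presented on a new one.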