Wednesday, December 16, 2009

Remote Desktop Services Using RDP

If you love the data on your desktop, and want it on the move, then this blog-post is for you. In this post, I will focus on Microsoft's Remote Desktop Protocol (RDP) as used by Remote Desktop Services/Terminal Services.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which focuses on providing a user with a graphical interface to another computer.

Notable features of RDP include -

  • 32-bit color support
  • 128-bit encryption and protection from attacks such as man-in-the-middle
  • Audio redirection
  • File System Redirection
  • Port Redirection
  • Support for Aero Glass Theme and ClearType font smoothing technology
  • Support for Transport Layer Security
  • Multiple monitor support

Remote Desktop Services, formerly known as Terminal Services, is a component of Microsoft Windows that allows a user to access applications and data on a remote computer over the network. It is built on RDP.

Remote Desktop Services divides systems into two groups - the servers and the clients. RDP servers and clients exist for several versions of Microsoft Windows, Linux, UNIX, Mac OS X, etc.

This article will focus on configuring both RDP servers and RDP clients. The configuration steps mentioned here are restricted to the Windows line of Operating Systems - XP, Vista, etc. For illustration purposes, I will be using Windows 7 as my server and Windows XP running on VirtualBox as my client.

Besides Windows, RDP servers are available for UNIX in the form of several open-source projects. UNIX-based RDP clients also exist, such as rdesktop.

Configuring RDP Servers

An RDP server is the heart of the RDP protocol. Once a system has been configured as an RDP server, any user with sufficient privileges can log into the system from any terminal and perform their tasks.

Configuring the RDP Server on Windows 7 involves the following steps -

  1. Right-click Computer and select Properties
  2. Click on Remote Settings link present in the left panel
  3. If you want to allow connections from any version of Remote Desktop, select the second option. This is a less secure configuration. However, it will allow users from other versions of Windows and UNIX to connect to the system. For example, if a system with Windows 7 has been set up as a server, this option will allow older versions of Windows like XP and 2K to access it
  4. On the other hand, if you are sure that you want users to connect from the same version of Remote Desktop, select the third option. This is a more secure configuration

Configuring RDP Clients

Once the server has been set up, any RDP client can connect to it from any system on the same network.

Establishing a connection to an RDP Server from a system running Windows XP involves the following steps -

  1. Go to All Programs -> Accessories -> Remote Desktop Connection
  2. If the RDP Server has a computer name, enter the name. Otherwise, enter the IP address of the RDP Server
  3. Log in with the proper username and password, and you are ready to work
  4. At the end, remember to log off and not shut down, because shutting the system down would require a physical startup the next time whereas logging in again can be done remotely

Remember - According to the EULA of Microsoft Windows, only a single user can use the copy of Windows at a time. So there can be only one RDP Client active for a particular RDP Server. If another RDP Client logs in, the existing user will be prompted to log off.

Facts and Features of RDP

  • RDP uses presentation virtualization to enable a much better end-user experience, scalability and bandwidth usage. RDP plugs into the Windows graphics system the same way a real display driver does, except that, instead of being a driver for a physical video card, RDP is a virtual display driver
  • RDP's bandwidth usage is far less than expected. This is important as bandwidth is a very big constraint in networking. However, the bandwidth usage varies from application to application. E.g. a slideshow in PowerPoint will use more bandwidth than a simple movement of the mouse
  • RDP can be tuned as per the requirements of the user. Factors like user-experience can be compromised to reduce the usage of bandwidth. RDP can be configured to give better performance too
  • Color depths have no effect on the user-experience of RDP. Though the initial versions only supported 8bpp (bits per pixel), the newer versions support 32bpp, and in fact Aero needs 32bpp to function properly
  • RDP is highly secure as it supports strong encryption and uses Kerberos or TLS/SSL for authentication
  • RDP is not only used in Remote Desktop Services, it is used in several applications like Windows Media Center Extenders (including Xbox 360), Windows Live Mesh, etc.
  • The RDP protocol is completely publicly documented. To understand the internal working of RDP, you can visit - http://msdn.microsoft.com/en-us/library/cc240445(PROT.10).aspx

Well that’s it for a simple RDP Server-Client setup. Do check back soon for my next article on Windows Meeting Space, which is another part of the Remote Desktop Services using the RDP.

Thursday, December 03, 2009

Reset Linux Root Password Using The GRUB

Before I start the central aspect of this article - resetting the Linux root password, let me quickly introduce you to boot loaders and the GRUB.

A boot sequence is the initial set of operations that the computer performs when the power of a computer is switched on. A boot loader typically loads the main Operating System for the computer.

A computer's central processor can only execute program code found in the Read-Only-Memory (ROM) and Random-Access-Memory (RAM). However, when the computer is switched on, it does not have an Operating System in its ROM or RAM. So a computer initially executes a small program stored in a ROM, which in turn loads the required code and data into the RAM for execution.

This small program which performs this process is known as a bootstrap loader, bootstrap or a boot loader. This program is generally not the Operating System, but a miniature program which will load the required Operating System into the RAM from the non-volatile storage.

There are several popular boot loaders used today - GRUB, BOOTMGR, LILO and NTLDR. The GNU GRUB (GNU GRand Unified Bootloader) is a boot loader package from the GNU Project and is one of the most popular boot loaders available today. LILO (LInux LOader) is a generic boot loader for Linux. NTLDR (NT Loader) is the boot loader for all releases of Microsoft’s Windows NT Operating System. In later versions of Windows like Vista and Windows 7, NTLDR was replaced by the Windows Boot Manager (BOOTMGR).

In this article, we restrict ourselves to the GRUB loader. Typically, a few dual-boot environments and a few Linux based Operating Systems use the GRUB as their boot loader. Here is a screen-shot of the GRUB loader of Red Hat Enterprise Linux 5 -

There are many scenarios where we might need to reset the root password of our Linux system. Consider you have been assigned to a Linux system to work with and the previous owner forgot to give you the root password; maybe you are in the middle of an important project and you don’t have the root password of the system when you need it urgently and the worst part - the system administrator is not in sight; or maybe you just forgot it. The possibilities are limitless.

But remember, before you attempt to change or replace the password of any machine, make sure you have the necessary permissions from the management authorizing it. If not, it can be mistaken as an attempt to hack into the machine, which is not ethical.

  • Start the system. When the selection screen comes up, navigate to the line for Linux and press 'e'
  • Now, select the entry that begins with the word - 'kernel' and again press 'e'
  • Append 'single' to the end of the existing line. Make sure there is a space between the existing content and 'single'
  • Press 'b' to boot into Linux as the root

You are now in the special mode called the "Single-User Mode".

If prompted for the root password here, restart the system and in the previous step, append 'init=/bin/bash' after 'single'

  • Use 'passwd' to specify the new root password

I am sure that reading this procedure would have caused apprehensions in the minds of several readers about the security of their systems. Using this method, anybody can hack your system. So if you want to be careful and avoid such situations, you will need to restrict any modifications to the GRUB. This can be done by protecting the GRUB by using a password.

  • Open the shell prompt and login as the root
  • Use the 'grub-md5-crypt' command to get the MD5 hash of your GRUB password
  • Open '/boot/grub/grub.conf' and add 'password --md5 ' followed by the hash from the previous step, below the timeout field
  • Save and exit

From next time, if you want to edit the GRUB, you will have to press 'p' followed by the GRUB password. The downside of this is that there is an extra password for you to remember. Well, accessibility has always been a trade-off in security.
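One way to check the result of the steps above, as an added example that is not part of the original post: the shell function below reads a GRUB legacy grub.conf and reports whether a hashed global password appears before the first 'title' entry. The function names, sample files and the hash value in them are constructed for illustration.

```shell
# Added example: audit a GRUB legacy grub.conf for the global password directive.
# Prints "protected", "plaintext" or "unprotected"; returns 0 only for "protected".
audit_grub_conf() {
    result=$(awk '
        /^[[:space:]]*#/ { next }                         # ignore comments
        { sub(/^[[:space:]]*password=/, "password ") }    # accept "password=..." form
        $1 == "title" { exit }                            # global section ends here
        $1 == "password" {
            # MD5-crypt hashes produced by grub-md5-crypt start with "$1$"
            if ($2 == "--md5" && $3 ~ /^\$1\$/) state = "protected"
            else state = "plaintext"
            exit
        }
        END { print (state == "" ? "unprotected" : state) }
    ' "$1")
    printf '%s\n' "$result"
    [ "$result" = "protected" ]
}

# Writes three constructed sample files into directory $1.
write_samples() {
    cat > "$1/hashed.conf" <<'EOF'
default=0
timeout=5
password --md5 $1$CONSTRUCTED$notARealHashValue000000
title Constructed Linux entry
    kernel /vmlinuz-constructed ro root=/dev/sda1
EOF
    cat > "$1/plain.conf" <<'EOF'
timeout=5
password constructed-secret
title Constructed Linux entry
    kernel /vmlinuz-constructed ro root=/dev/sda1
EOF
    cat > "$1/none.conf" <<'EOF'
timeout=5
title Constructed Linux entry
    kernel /vmlinuz-constructed ro root=/dev/sda1
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in hashed plain none; do
    verdict=$(audit_grub_conf "$demo_dir/$f.conf") || true
    echo "$f.conf: $verdict"
done
rm -rf "$demo_dir"
```

A "plaintext" verdict means the password is stored unhashed, so anyone who can read the file can read the password; "unprotected" means the boot entries can still be edited with 'e' as described earlier.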

Note - Changing passwords of a system without proper permissions is unethical and illegal, which may lead to legal complications. So always follow a proper authorization channel before changing the passwords.