RDP是Windows操作系统中的远程桌面协议,属于一种加密协议,由于Windows操作系统被广泛应用于个人和运维环境中,如何对RDP操作进行合法合规的安全审计,提高运维系统的安全性.RDP采用加密数据传输,为解决RDP加密数据采集并解析成明文数据进行安全审计的问题,本文提出了一种基于中间人原理的RDP数据采集方法,该方法只针对RDP的基本连接.该方法基于客户端和服务器的TCP连接,在密钥协商阶段,获取加密数据传输阶段的RC4密钥.在加密数据传输阶段,收到密文数据后直接转发,再用获取的RC4密钥进行解密,获取明文数据.通过在实际的数据采集器中的实现,该方法相比已有的串联方法减少了28%的传输延迟时间,相比已有的旁路方法,不受网络丢包影响,且更安全,适用范围广.%RDP is a remote desktop protocol in the Windows operating system and is widely used in personal and operation and maintenance environments.How to support the RDP audit to improve the security of operation and maintenance systems is an important question.RDP is a kind of cryptographic protocol.To solve the problem of RDP encryption data gathering,decryption and audit,a RDP gathering method based on man-in-middle is proposed.The proposed method just applies to RDP standard connection.The proposed method is based on the TCP connection between client and server.The method gets the RC4 secret key which is used in the phase of the encryption data transmission during the phase of the key agreement.During the phase of the encryption data transmission,the encryption data is transmitted immediately when the data is obtained.After that,the encryption data is decrypted by using the RC4 secret key.The proposed method is realized in a real network data collector.The proposed method can decrease the transmission delay by 28% in comparison to the series method.The proposed method can increase the security and is not affected by the network packet loss in comparison to the bypass method.
展开▼
