Remote Desktop Security Question

Discussion in 'sandboxing & virtualization' started by chrome_sturmen, May 7, 2016.

  1. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    This may not be the correct forum for the question but there's no networking forum, apologies if so:

    Say you had an operating system installed which was configured to have no internet access. From this operating system, you remote desktop into another computer on your network which has normal internet access/antivirus etc, and browse the internet through that computer.

    If somehow you got an infection of some sort while web browsing during the remote session, would it funnel through the remote desktop session over to the computer without internet access, or would it be confined to the computer connected to via remote desktop?

    thank you
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,083
    If you enable access to local resources (let's say local drives) malware could write to local drives if you get infected during remote session. So ransomware could encrypt your locally stored data. But for malware to execute, you would still have to run in on your local computer.

    upload_2016-5-8_7-31-51.png

    EDIT: your data could also get encrypted through network shares, but that's not related to RDP.
     
  3. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    The computer without internet access, as well as the computer I mentioned remoting into to browse the web, both have access to a shared network drive on another machine (which also has no internet access).

    I guess the infection vector would be the computer browsing the web - you are saying that a virus could look for network drives and spread to them and their host computers?
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,083
    Computer having access to internet and also to shared resources can modify data on shared resources. So ransomware run on that system can encrypt data on shared resources on computer that doesn't have internet access. Shared data can be exposed to malware but system itself shouldn't. You would still have to run malware manually on system with no internet access to get it infected.
     
  5. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige

    Could an antivirus or something similar stop the infection of the shared resource, if installed on the system hosting the share/without internet?
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,083
    I don't know if AV would detect encryption of files since the encryption process would be run on another computer. IMO it would be better to share only "temp" folders that are used to exchange data but not other folders that store your personal data. Also question remains how would you update AV on computer with no internet connection.