PCI compliance: using SSL as transport layer for RDP (Terminal Service)

My client failed her PCI compliance audit. The server supports Remote Desktop (Terminal Service) but only provides encryption and not authentication. This exposes the server to Man-In-The-Middle attacks.

The supposed solution is to force SSL as the transport layer for RDP.

Anyone know how to do this?

The server runs Windows 2003.


The 'old' RDP indeed does not perform authentication, but I'd be careful using SelfSSL proposed in the link sent by @ig0774 (the rest of the data in the link is correct!). If authentication is what you care about, then have your client get a real server authentication SSL/TLS certificate from VeriSign or Thawte or someone else listed in the list of Windows trusted CAs.

I somehow doubt PCI will allow self-signed certs. But I'm happy to stand corrected!
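
One way to confirm from the wire that the RDP listener really enforces SSL/TLS after the change, as an added example that is not part of the original question or answer and goes beyond what the thread describes. It parses the server's X.224 Connection Confirm using the layout and constants I take from MS-RDPBCGR; the function names and the sample replies are constructed for illustration.

```python
import struct

# selectedProtocol / failureCode values as defined in MS-RDPBCGR (assumed from the spec).
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL", 2: "PROTOCOL_HYBRID", 8: "PROTOCOL_HYBRID_EX"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER"}

def parse_connection_confirm(pdu: bytes) -> tuple:
    """Return (kind, name) for an X.224 Connection Confirm sent by an RDP server."""
    if len(pdu) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Confirm")
    version, _reserved, tpkt_len = struct.unpack(">BBH", pdu[:4])
    if version != 3 or tpkt_len != len(pdu):
        raise ValueError("bad TPKT header")
    if pdu[4] != len(pdu) - 5 or pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]
    if not neg:
        # No negotiation block: the server only speaks standard RDP security.
        return ("selected", "PROTOCOL_RDP")
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    msg_type, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad negotiation block length")
    if msg_type == 0x02:   # RDP_NEG_RSP
        return ("selected", PROTOCOLS.get(value, "unknown(%d)" % value))
    if msg_type == 0x03:   # RDP_NEG_FAILURE
        return ("refused", FAILURES.get(value, "unknown(%d)" % value))
    raise ValueError("unexpected negotiation type")

def rdp_layer_enforces_tls(reply_to_rdp_only: bytes, reply_to_tls_offer: bytes) -> bool:
    """True when a legacy-only request is refused and a TLS offer is accepted."""
    legacy = parse_connection_confirm(reply_to_rdp_only)
    tls = parse_connection_confirm(reply_to_tls_offer)
    return legacy[0] == "refused" and tls[0] == "selected" and tls[1] != "PROTOCOL_RDP"

def _cc(neg: bytes) -> bytes:
    """Build a constructed Connection Confirm around an optional negotiation block."""
    x224 = bytes([6 + len(neg), 0xD0, 0, 0, 0x12, 0x34, 0])
    return struct.pack(">BBH", 3, 0, 4 + len(x224) + len(neg)) + x224 + neg

# Constructed sample replies, not captured from any real server.
LEGACY_ONLY = _cc(b"")                                     # no negotiation support
NEGOTIATED_RDP = _cc(struct.pack("<BBHI", 0x02, 0, 8, 0))  # server still accepts legacy
TLS_SELECTED = _cc(struct.pack("<BBHI", 0x02, 0, 8, 1))    # server picked SSL/TLS
LEGACY_REFUSED = _cc(struct.pack("<BBHI", 0x03, 0, 8, 1))  # SSL_REQUIRED_BY_SERVER
```

A passing result only shows that the transport is TLS; whether the certificate the server presents chains to a trusted CA, which is the answer's concern, has to be checked separately.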
