PowerShell remoting authentication and security considerations
PSRemoting traffic is encrypted by default, regardless of whether a connection was initiated via HTTP or HTTPS. The underlying protocol is WS-Man, which is decoupled to allow it to be used more broadly. PSRemoting uses an authentication protocol, such as Kerberos or NTLM, to authenticate the session traffic, and SSL/TLS is used to encrypt the session traffic.
But as with anything else, PSRemoting is only as secure as the computer on which it has been configured. If you don’t secure your administrator’s credentials, an attacker can extract and use them against you.
Therefore, you should also put effort into hardening your infrastructure and securing your most valuable identities. You will learn more about Active Directory security and credential hygiene in Chapter 6, Active Directory – Attacks...
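To check that a host still has the encryption and authentication behavior described above, the following added example (not code from the book) reads the local WinRM settings and compares them with a baseline. The baseline values and the function names Test-WinRmBaseline and Get-WinRmListenerSummary are assumptions made for this example; it needs an elevated session and a running WinRM service.

```powershell
# Added example: audit local WinRM settings behind PSRemoting.
# $baseline is a constructed hardening expectation, not a vendor standard.
$baseline = @(
    @{ Path = 'Service\AllowUnencrypted'; Expected = 'false'
       Why  = 'service would accept sessions without message encryption' }
    @{ Path = 'Client\AllowUnencrypted';  Expected = 'false'
       Why  = 'client would send sessions without message encryption' }
    @{ Path = 'Service\Auth\Basic';       Expected = 'false'
       Why  = 'Basic passes the user name and password to the service' }
    @{ Path = 'Service\Auth\CredSSP';     Expected = 'false'
       Why  = 'CredSSP delegates the caller''s credentials to this host' }
    @{ Path = 'Service\Auth\Kerberos';    Expected = 'true'
       Why  = 'Kerberos is unavailable for incoming sessions' }
    @{ Path = 'Client\TrustedHosts';      Expected = ''
       Why  = 'listed hosts are accepted without Kerberos or certificate proof of identity' }
)

function Test-WinRmBaseline {
    # Emits one object per setting; Ok is $false when the value differs
    # from the baseline or the setting could not be read.
    foreach ($check in $baseline) {
        $item = Get-Item -Path "WSMan:\localhost\$($check.Path)" -ErrorAction SilentlyContinue
        $actual = if ($item) { [string]$item.Value } else { '<not readable>' }
        [pscustomobject]@{
            Setting  = $check.Path
            Actual   = $actual
            Expected = $check.Expected
            Ok       = ($actual -eq $check.Expected)
            Note     = $check.Why
        }
    }
}

function Get-WinRmListenerSummary {
    # Lists each listener with its transport (HTTP or HTTPS) and port.
    Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Select-Object Transport, Port, Address, Enabled
}

# Show only the deviations, then the listeners that are configured.
Test-WinRmBaseline | Where-Object { -not $_.Ok } | Format-Table -AutoSize -Wrap
Get-WinRmListenerSummary | Format-Table -AutoSize
```

An empty first table means every checked setting matches the baseline used here.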