RDP or Site-to-site VPN

Tiras25
I noticed some clients implementing RDP and NAT'ing via port 3389, and others doing this the more difficult way: a point-to-point VPN tunnel. Then the problem is when you are at home or mobile. So if you are in the office you can connect transparently via P2P VPN. But if you are at home or mobile you need to dial a corporate VPN first to get there. With RDP over VPN you can reach from anywhere in the world.

Why are some places doing it this way and others another way? What are the advantages and disadvantages? Please advise.
Thank you.
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
>>> implementing RDP and NAT'ing via the port 3389
>>> or doing this  more difficult way.  Point-to-point VPN tunnel

The first way (in most cases) exposes the server to the world and says "I am open to hackers".

The second way (in the vast majority of cases) precludes such hacking attempts and is much more secure.

I do not recommend the first way. .... Thinkpads_User
I am with Thinkpads_User. I can add: with a VPN you will get not only RDP, but also other protocols. You will also get a bi-directional connection, and IT personnel can help you remotely.

Yes, Thinkpads_User is correct. RDP over NAT exposes you to the internet, making you vulnerable to attack.

Whereas a P2P VPN provides you the necessary security by encrypting the channel and protecting your information.

Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Yes, I agree. Recently a security exploit was found that allows hijacking RDP sessions without valid account information. If your RDP port is visible to the public, it will be attacked for sure.
RDP over VPN is slower, because encryption has to be performed and at least one more device is involved; that includes bigger lags and more traffic to transport. However, since security and authentication are handled by the VPN, the security measures to apply for the RDP session are minimal (the same as if you were in the LAN).

BTW, both direct public RDP and VPN can be troublesome if in a foreign network. Ports are often blocked, and I have seen RDP, IPSec, PPTP and other common ports not passing in hotels or public WLAN spots.
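
Added example, not part of the original thread or any participant's post: a small Python audit that reads a gateway's NAT table in `iptables-save` format and flags port forwards that land on TCP 3389 with no source restriction, which is the "RDP port visible to the public" case discussed above. The Linux gateway, the rule set and every address in it are constructed assumptions; only IPv4 rules are handled.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.10:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 33890 -j DNAT --to-destination 192.168.1.11:3389
-A PREROUTING -s 10.8.0.0/24 -i tun0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.12:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.20:443
COMMIT
"""

RDP_PORT = "3389"


def find_exposed_rdp_forwards(rules_text):
    """Return DNAT rules that forward to RDP without limiting the source."""
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # table headers, chain policies, comments, COMMIT
        tokens = shlex.split(line)
        if "DNAT" not in tokens:
            continue
        opts = {}
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-s", "--dport", "--to-destination"):
                opts[tok] = (tokens[i + 1], tokens[i - 1] == "!")
        dest = opts.get("--to-destination", ("", False))[0]
        dport = opts.get("--dport", ("", False))[0]
        # A forward may listen on another external port and still reach 3389.
        internal_port = dest.rpartition(":")[2] if ":" in dest else dport
        if internal_port != RDP_PORT:
            continue
        src, negated = opts.get("-s", (None, False))
        # No -s, a negated -s, or a /0 network all mean "the whole internet".
        open_to_all = (src is None or negated or
                       ipaddress.ip_network(src, strict=False).prefixlen == 0)
        if open_to_all:
            shown = "any" if src is None else ("! " if negated else "") + src
            findings.append({"external_port": dport, "target": dest,
                             "source": shown})
    return findings


if __name__ == "__main__":
    for f in find_exposed_rdp_forwards(SAMPLE_RULES):
        print("exposed RDP forward:", f)
```

The forward on external port 33890 is flagged as well: moving the listening port does not change which hosts can reach the RDP service behind it.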

Author

Commented:
Got it. So if I work on some client-sensitive information, I had better install a site-to-site VPN.
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Any case where a site-to-site VPN can be considered is a sure thing you should do it. Site-to-site VPNs are built for always-up, transparent and reliable virtual connections.

The issues and difficulties arise if you are mobile, or want occasional "on-the-fly" access. Then it is different, and there is no definitive answer for what method to use.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
For site to site, I recommend hardware VPN (Juniper Netscreen or Cisco LinkSys). Once set up, remote access is easy with the appropriate client software. .... Thinkpads_User
Distinguished Expert 2017
Commented:
The issue with the VPN one has to consider is that you expose your LAN based on the weakest security, which could be the remote computer.
Cisco and Juniper devices can configure the VPN for the user with a limit on which resources they can access versus having the entire LAN open to the remote computer.

A similar thing can be handled over an SSH tunnel, which has similar exposure, i.e. a direct access/attack vector.
Using two-factor authentication could help in securing VPNs and RDP connections.

Author

Commented:
Sorry for the delay.  Will be closing and assigning points soon.  Thanks!
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thanks, and good luck going forward.
