I have 25 users who would like to use their Windows 7 PCs from home. I could open 25 ports on my firewall and NAT each to their PC. Or I could setup a VPN like pfSense or Sophos Essentials or a paid solution.
Which is the most secure option or is there a better way.
If I open 25 ports, my firewall starts to look like Swiss cheese.
If I give the users VPN access, their potentially infected home computers could start Crypto Locking everything.
What's the best option here? They only need to RDC to their PC. No access to any other resource directly.