Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is RDP secure enough over Internet  or it it needs IPSEC - Windows Server 2012

Posted on 2016-08-29
3
Medium Priority
?
235 Views
Last Modified: 2016-08-30
Hi Security Experts,
To access server having public IP hosted behind firewall, Is RDP (TCP/3389) secure enough , Or it Required or only recommended to do it Over IPSEC tunnel ?
 Server is Windows Server 2012 and access is from internet.
Regards
0
Comment
Question by:a_hic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Expert Comment

by:Benjamin Voglar
ID: 41774385
Opening port 3389 is as secure as (if not more than) HTTPS or non-certificate based VPN, as all traffic is encrypted within the RDP Packets.

Of course, it is necessary to have installed security patches.

http://searchsecurity.techtarget.com/tip/Remote-Desktop-Protocol-security-How-to-secure-RDP-network-endpoints
1
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 1000 total points
ID: 41774389
Direct RDP should use high encryption and extended security, then is is safe enough. Changing the public port obfuscates its purpose and adds some more of secuirty.

A VPN allows more features than just RDP - so it is more useful. It also allows to fix the encryption level. In short, IPSec is better, RDP is enough.
1
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 41774579
RDP is secured by SSL and also NLA, I will say it suffice it is  secure enough for most usage. However, I do want to qualify that statement to remote access is within internal network to the system that are all domain managed via a common AD. For the case of RDP from external network including internet, VPN secured the RDP traffic with hiding of the internal info which SSL and NLA do not. As a whole, the key is to level up the security for remote access with second factor (e.g. smartcard etc) for identity assurance
1

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this article, we’ll look at how to deploy ProxySQL.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question