Solved

Is RDP secure enough over Internet  or it it needs IPSEC - Windows Server 2012

Posted on 2016-08-29
3
75 Views
Last Modified: 2016-08-30
Hi Security Experts,
To access server having public IP hosted behind firewall, Is RDP (TCP/3389) secure enough , Or it Required or only recommended to do it Over IPSEC tunnel ?
 Server is Windows Server 2012 and access is from internet.
Regards
0
Comment
Question by:a_hic
3 Comments
 
LVL 12

Expert Comment

by:Benjamin Voglar
ID: 41774385
Opening port 3389 is as secure as (if not more than) HTTPS or non-certificate based VPN, as all traffic is encrypted within the RDP Packets.

Of course, it is necessary to have installed security patches.

http://searchsecurity.techtarget.com/tip/Remote-Desktop-Protocol-security-How-to-secure-RDP-network-endpoints
1
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 41774389
Direct RDP should use high encryption and extended security, then is is safe enough. Changing the public port obfuscates its purpose and adds some more of secuirty.

A VPN allows more features than just RDP - so it is more useful. It also allows to fix the encryption level. In short, IPSec is better, RDP is enough.
1
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 41774579
RDP is secured by SSL and also NLA, I will say it suffice it is  secure enough for most usage. However, I do want to qualify that statement to remote access is within internal network to the system that are all domain managed via a common AD. For the case of RDP from external network including internet, VPN secured the RDP traffic with hiding of the internal info which SSL and NLA do not. As a whole, the key is to level up the security for remote access with second factor (e.g. smartcard etc) for identity assurance
1

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
OfficeMate Freezes on login or does not load after login credentials are input.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now