Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Is RDP secure enough over Internet  or it it needs IPSEC - Windows Server 2012

Posted on 2016-08-29
3
119 Views
Last Modified: 2016-08-30
Hi Security Experts,
To access server having public IP hosted behind firewall, Is RDP (TCP/3389) secure enough , Or it Required or only recommended to do it Over IPSEC tunnel ?
 Server is Windows Server 2012 and access is from internet.
Regards
0
Comment
Question by:a_hic
3 Comments
 
LVL 12

Expert Comment

by:Benjamin Voglar
ID: 41774385
Opening port 3389 is as secure as (if not more than) HTTPS or non-certificate based VPN, as all traffic is encrypted within the RDP Packets.

Of course, it is necessary to have installed security patches.

http://searchsecurity.techtarget.com/tip/Remote-Desktop-Protocol-security-How-to-secure-RDP-network-endpoints
1
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 41774389
Direct RDP should use high encryption and extended security, then is is safe enough. Changing the public port obfuscates its purpose and adds some more of secuirty.

A VPN allows more features than just RDP - so it is more useful. It also allows to fix the encryption level. In short, IPSec is better, RDP is enough.
1
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 41774579
RDP is secured by SSL and also NLA, I will say it suffice it is  secure enough for most usage. However, I do want to qualify that statement to remote access is within internal network to the system that are all domain managed via a common AD. For the case of RDP from external network including internet, VPN secured the RDP traffic with hiding of the internal info which SSL and NLA do not. As a whole, the key is to level up the security for remote access with second factor (e.g. smartcard etc) for identity assurance
1

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question