secure RDP

We have a small business with a few servers and an on-premise phone system, and we recently have more users who need to remote into their PCs.

Of course, security is the biggest concern, and I want to implement something easier to do and secure.
Do you know any secure RDP software like Citrix XenDesktop we can use?

Thanks
ITsolutionWizardAsked:
McKnifeCommented:
Secure, easy and running totally independent as a bootable live OS: https://www.ecos.de/products/access-components/secure-boot-stick/?L=2#_

In short: you buy a backend solution that gets installed and configured for you. Your users will get bootable USB sticks that will boot on any modern hardware (their own devices, even Macs) and allow them to RDP through a well-secured VPN. It's so easy, you won't need to write a manual for it.

So unless the price is a problem (demand a quote), it is really a very good option to choose.
0

ITsolutionWizardAuthor Commented:
Of course, the price is one of the considerations. Do you know the cost of the USB stick?
0
masnrockCommented:
What exactly are your requirements? You could use something like LogMeIn. If you're looking to do RDP with 2FA, then you can look at Duo or AuthLite.
0
McKnifeCommented:
I'll check my memory. Keep in mind that these might not be the actual prices AND that they were given to me as a small customer (<15 sticks) - larger customers might get better rates:

Stick: around 250€ each
Backend: 1000€ for hardware and personalized configuration and admin training
Stick maintenance fee: 50€ per year and stick
Backend maintenance fee: 100€ per year.
If you need the price in US$, add about 20%.

Remember: they may use their own hardware with that stick - they don't need costly company laptops and screens provided by you - that is something to consider. Every other "use your own home device for secure working concept" is plain sh** if you ask me. Will never work out to make home devices secure any other way.
0
Tom CieslikIT EngineerCommented:
Also TeamViewer.
You can create an account and add clients to Unattended support.
This way you'll see all ONLINE workstations and be able to log in to them whether users are logged on or not.

You can test on the free version and, if you decide this is your way, you can purchase a commercial license.

www.teamviewer.com
0
btanExec ConsultantCommented:
Actually, if you have an RDP gateway available then consider leveraging it. When using an RD Gateway server, all Remote Desktop services on your desktops and workstations should be restricted to allow access only from the RD Gateway. The RD Gateway server listens for Remote Desktop requests over HTTPS (port 443), and connects the client to the Remote Desktop service on the target machine. Here is one practice. https://security.berkeley.edu/resources/best-practices-how-articles/securing-remote-desktop-rdp-system-administrators


A step further is the use of Windows To Go devices. With these, a connection back to the work network using either DirectAccess or a virtual private network can be configured. In this case the OS runs from the device, such as a USB stick, without even booting into the machine's OS. Note: when you change the boot order, for example to boot from WTG, you need to reset the BitLocker system measurements to incorporate the new boot order.
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-to-go-overview#a-href-idbkmk-wtgroamaroaming-with-windows-to-go
There are ready-made devices of this kind:
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-to-go-overview#a-href-idwtg-hardwareahardware-considerations-for-windows-to-go
One example is from SPYRUS:
Use a 32 GB SPYRUS Windows To Go drive with the Read Only option to boot SPYRUS drives securely from untrusted home computers. Your organization can enforce work and data saving to the enterprise network, or if required, changed files can be saved on a Data Vault read/write partition.
https://www.spyrus.com/secure-remote-access/
Internally we have not fully operationalised this, but it has been a worthy alternative for overseas travel with data secured in the drives, and also for remote users using the existing VPN setup in the company.
0
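The RD Gateway restriction described in the comment above (Remote Desktop on desktops and workstations reachable only from the gateway) can be audited and enforced per machine with the Windows Firewall cmdlets. This is an added example, not part of the original thread; the address `10.0.0.10` and the parameter names `GatewayAddress` and `Apply` are assumptions to replace with your own values.

```powershell
# Added example: audit (and optionally fix) inbound RDP firewall scope on a workstation.
# Run in an elevated PowerShell session on Windows 8 / Server 2012 or later.
param(
    # Assumption: placeholder for the RD Gateway's internal address.
    [string[]]$GatewayAddress = @('10.0.0.10'),
    # Without -Apply the script only reports; with it, open rules are re-scoped.
    [switch]$Apply
)

# Every enabled inbound Allow rule whose local port list includes 3389 (TCP or UDP).
# Port ranges that merely span 3389 are not detected by this literal match.
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { @($_.LocalPort) -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

$report = foreach ($rule in $rdpRules) {
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)

    # A rule is gateway-only when every allowed remote address is a gateway address.
    # "Any" (the default) therefore counts as open. The comparison is a literal string match.
    $open = @($remote | Where-Object { $_ -notin $GatewayAddress }).Count -gt 0

    if ($open -and $Apply) {
        # Rules delivered by Group Policy cannot be changed locally; fix those in the GPO.
        $rule | Set-NetFirewallRule -RemoteAddress $GatewayAddress
        # Re-read the rule instead of assuming the change took effect.
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $open = @($remote | Where-Object { $_ -notin $GatewayAddress }).Count -gt 0
    }

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        GatewayOnly   = -not $open
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code if any RDP rule still accepts connections from outside the gateway,
# so the script can be used as a compliance check.
if ($report | Where-Object { -not $_.GatewayOnly }) { exit 1 }
```

Run it once without `-Apply` to see which rules are open, and make sure you are not connected over a path the new scope would cut off before applying it.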
ITsolutionWizardAuthor Commented:
Thanks, but we are a small shop - a simple out-of-the-box solution will work in our fashion. Thanks
0
btanExec ConsultantCommented:
Then software would be simplest, but not the most secure though. GoToMyPC and TeamViewer may be considered then. More review below.
Before you can start using the TeamViewer app on a new machine, or before you tell the app that you want to access your machine remotely when no one is sitting at the keyboard, you have to type in your email address and TeamViewer account password. The app then sends you an email asking you to click on a link that adds the machine to your list of "trusted devices." After you've added the machine to your trusted devices, you have to return to the app and type in your email address and account password again in order to complete the operation. Other secure options include using a VPN to make the connection, in addition to the default 256-bit encryption used in remote sessions and meetings.
https://www.google.com.sg/amp/s/sea.pcmag.com/software/17432/guide/the-best-remote-access-software-of-2017%3famp=1

Specifically, activate the use of 2FA login: in addition to your password, a second factor (security code) is needed to log in to your TeamViewer account.
The security code is generated by an authenticator app on your mobile device. After activating two-factor authentication for your TeamViewer account, the app generates a temporary security code every 30 seconds. When you want to log in to your TeamViewer account, you have to enter the security code displayed on the app at this time.
https://community.teamviewer.com/t5/Knowledge-Base/What-is-two-factor-authentication-for-your-TeamViewer-account/ta-p/4711
0
btanExec ConsultantCommented:
For author advice
0
btanExec ConsultantCommented:
No further feedback received.
0