Secure remote desktop connection

MAS
MAS used Ask the Experts™
on
I am hired to secure remote desktop connection as they are using a new application (https://www.tsplus.net/) which uses remote desktop connection. How to secure the connection to the application which uses RDP?. They are using this application from external network as well.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Locally Remote Desktop Connection is secure already. You could do the following:

1. Always have it ask for credentials.
2. Check the Printer resource to see if you need it.

Remote connections should be done via Secure VPN.
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Author

Commented:
Many thanks for your reply

-->1. Always have it ask for credentials.  https://www.tsplus.net/
This is an application running from inside and outside.

-->Remote connections should be done via Secure VPN.
You mean connect by VPN and open app?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
VPN is the best way to connect remotely
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Author

Commented:
These are users. They are technically poor.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Normally true but Remote Desktop Connection depends upon the security of the connection. It does not secure the connection
btanExec Consultant
Distinguished Expert 2018
Commented:
Certificate - It uses LetsEncrypt (free and starting with v9.20) which are valid for 90 days. May consider own CA or 3rd party CA like GoDaddy or DigiCert. Nonetheless, TSPlus should renew the certificate automatically every 60 days. Do check every 60-70 days that your certificate has been automatically renewed.

HTTPS - Avoid using self signed. Best to use own CA or reputable one. Minimally 2048 RSA, possibly go for EC (prime256v1, secp384r1).  Also for SSL cipher selection, make sure "Disable weak ciphers" is done. Can verify on the SSL cipher using SSLtest (server)

Connection restriction - It get more business need centric. For example, restrict the user connections to specific time ranges in a week. But more for if they have no AD (central policy) and instead using local user policy then use the provided local feature. Not really a must though but is a safeguard to reduce exposure.

Strong Authentication - Consider 2FA. TSplus has partnership with SAASPASS. Install the SAASPASS mobile application or Desktop client.The SAASPASS-TSplus integration is stated here.
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Author

Commented:
is there any other solution other than VPN?
btanExec Consultant
Distinguished Expert 2018
Commented:
Something like splashtop (rather similar to Logmein approach but supposed to be faster). There is a Splashtop Personal is for non-commercial use only, to access a maximum of 5 computers.
https://www.splashtop.com/business
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I thought of that, but most of these require a person at the other end to accept the secure connection. VPN allow me to connect and work without anyone at the other end.
btanExec Consultant
Distinguished Expert 2018

Commented:
For author advice
btanExec Consultant
Distinguished Expert 2018

Commented:
No further input received

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial