Isn't VPN access just as susceptible to hackers as RDP access? Consider that we are trying to solve very frequent attempts from an outsider to connect to a user's workstation using RDP. We are seeing Windows Event 4625 about every 5 seconds. The user connects successfully from home quite often, but the "brute-force" attacks have become too much for us to stand. It's been recommended that we deploy a VPN for the user to connect to, then allow them to connect to their workstation using RDP.
Wouldn't establishing VPN capability through the firewall just expose different ports to the internet? How is this safer than an RDP connection?