prophet001

Remote Desktop Question

Hello.

I was wondering if anyone could give me some insight on configuring remote desktop. We're thinking about how to help people work from home and possibly remoting into their Windows machines. We do this for some persistent users who have work laptops and we're comfortable letting them connect from machines that have been secured to the best of our abilities. These are non-admin accounts on laptops that run nothing other than RDP and antivirus software.

My question is: is it possible or practical to allow any machine to connect to a work desktop on our LAN? Should we allow users to use their own personal computers, which could be loaded with viruses or any other unknown software, to connect through RDP to our work machines?

What is the best/fastest way to implement this?

The machines that do have RDP already set up are hitting non-typical ports on the firewall which are forwarded to internal machines. I know the risk of this and check the firewall logs daily to make sure that only our approved IP addresses are connecting this way.
Alan

You mention that you have a list of approved IPs.

I would configure your router / firewall to block any connection that is not from one of those IPs.

Using a non-standard port is very weak protection, whereas whitelisting IPs is strong protection.

Alan.
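
The daily log check described in the question, measured against the allowlist Alan recommends, can be automated. This is an added example, not part of the original thread: the log layout, port numbers, addresses and timestamps are constructed, and a real firewall's export format will differ.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): the approved sources, the forwarded ports
# and the key=value log layout are constructed for illustration.
APPROVED_SOURCES = [ipaddress.ip_network(n) for n in ("198.51.100.24/32", "203.0.113.0/28")]
FORWARDED_RDP_PORTS = {33891, 33892}
FIELD_RE = re.compile(r"(\w+)=(\S+)")

SAMPLE_LOG = """\
2024-03-18T08:01:12Z action=accept proto=tcp src=198.51.100.24 dst=192.0.2.1 dpt=33891
2024-03-18T08:03:40Z action=accept proto=tcp src=203.0.113.5 dst=192.0.2.1 dpt=33892
2024-03-18T09:15:02Z action=accept proto=tcp src=203.0.113.77 dst=192.0.2.1 dpt=33891
2024-03-18T09:20:11Z action=drop proto=tcp src=198.51.100.99 dst=192.0.2.1 dpt=33892
2024-03-18T09:20:13Z action=drop proto=tcp src=198.51.100.99 dst=192.0.2.1 dpt=33891
2024-03-18T09:30:00Z action=accept proto=tcp src=203.0.113.77 dst=192.0.2.1 dpt=443
2024-03-18T10:00:00Z action=drop proto=tcp src=not-an-ip dst=192.0.2.1 dpt=33891
"""

def parse_line(line):
    """Return (timestamp, fields), or None when a required key is missing."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    return (ts, fields) if {"action", "src", "dpt"} <= fields.keys() else None

def audit(log_text):
    """Report forwarded-port traffic from sources outside the allowlist."""
    accepted, blocked, unparsed = [], Counter(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            ts, f = parse_line(line)
            src, port = ipaddress.ip_address(f["src"]), int(f["dpt"])
        except (TypeError, ValueError):
            unparsed.append(line)  # surface unreadable lines instead of skipping them
            continue
        if port not in FORWARDED_RDP_PORTS or any(src in n for n in APPROVED_SOURCES):
            continue
        if f["action"] == "accept":
            accepted.append((ts, str(src), port))  # allowlist is not being enforced
        else:
            blocked[str(src)] += 1  # the firewall rule did its job; count the probes
    return accepted, blocked, unparsed

if __name__ == "__main__":
    for name, result in zip(("ACCEPTED", "BLOCKED", "UNPARSED"), audit(SAMPLE_LOG)):
        print(name, result)
```

Any entry in the accepted list means an unapproved address reached a forwarded port, so the firewall rule itself needs fixing rather than just the log review.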
prophet001

ASKER

Hi Alan. Thanks for the response.

I understand the implication of forwarded ports which is why I stated the situation that it's used under. For a quick implementation this is going to be the easiest thing for us to do.

I was more hoping to understand the unsecured clients portion of the service.
Also, if you can have users run a VPN, that would add a major layer of protection. Some firewalls have VPN options.
ASKER CERTIFIED SOLUTION
Alan
That makes sense and was part of what I was concerned with.

Thank you!
Thank you for the help.
You're welcome.