Isn't RDP still and acceptable Remote Desktop Protocol?
I have a customer who emailed today and they were told by their insurance company that they have a major flaw in their system. That they are using RDP. I guess they used a port scanner. Anyway… Isn't RDP still an industry standard way of remote access? It isn't really Plain-Jane RDP as there is a third party security enhancement but the underwriters don't know that. I am just kind of curious as to whether or not RDP is still an active industry-standard?
Explicitly they are using TSPlus. Is there something better and more secure out there now then RDP?
Explicitly they are using TSPlus. Is there something better and more secure out there now then RDP?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would suspect they found port 3389 open. This has LONG been a no-no. Setup an RDGateway or use VPN. Once the user connects via one of those systems, it should be fine.
Also, STRONGLY consider adding 2FA to the mix. Duo or another solution.
Also, STRONGLY consider adding 2FA to the mix. Duo or another solution.
ASKER
That all but the question wasn't really answered. I am aware of the security risks and everything. To reiterate the question "Is there something better and more secure out there now then RDP"? Is it still an active industry standard or should I be looking for something else in this day and age?
I disagree. We answered your question. It's still widely used. There are some people who don't know how (or care) to secure it and do their insurance company yells at them.
ASKER
The question really didn't have much to do with security. It is secure. Running on a different port with a third party security package. No one really stated that it is still an industry standard and widely used.
To answer the question explicitly: No.
Anything connected to some form of cloud service has it's own share of risks. Witness SolarWinds and other such RMM/RMM Component compromises.
The Remote Desktop Protocol when set up correctly to use RD Gateway, Broker, and Web along with secure SSL certificates and Group Policy is the best that there is IMNSHO. Add 2FA/MFA into the mix and the solution set is solid.
Please keep in mind that there is no such thing as "Security" and being "Secure". Virtually everything, _everything_, is dependent on Training the Human. Then, there's the code itself.
Anything connected to some form of cloud service has it's own share of risks. Witness SolarWinds and other such RMM/RMM Component compromises.
The Remote Desktop Protocol when set up correctly to use RD Gateway, Broker, and Web along with secure SSL certificates and Group Policy is the best that there is IMNSHO. Add 2FA/MFA into the mix and the solution set is solid.
Please keep in mind that there is no such thing as "Security" and being "Secure". Virtually everything, _everything_, is dependent on Training the Human. Then, there's the code itself.
Running on a different portSorry, but this is NOT secure. Obscuring the port protects you from the 15 year old thinking it's fun to get into other people's systems. It does not protect you from anyone with programming skills (basic programming skills) or numerous tools designed to find machines with obscured ports. This has been true for well over a decade.
To Philip's point: You have to right 100% of the time; malicious hackers need to be right ONCE.
If your Insurance company could detect your open RDP port why can't hackers?
Second to Lee's point: Look up TSGrinder. BTDT
An RDG uses a standard HTTPS tunnel to secure the connection between the endpoint and the network. It also incorporates a Network Layer Authorization structure that ties into Windows Authentication. That means that too many attempts to log on and the user account is locked out.
An additional layer that can be put on top to further secure the setup is To Factor Authentication (2FA or MFA).
No one should ever port forward _any_ port on the edge/router/firewall to an RDP endpoint inside the network. Ever.
EE Remote Desktop Article Remote Desktop Services (RDS): Setup Guide & Best Practices