RDP without VPN


#1

We currently use DUO for our RDP connections, directly and without VPN (Port open on firewall). Have never had an issue.

We purposefully don’t want VPN because we don’t need network level access and we don’t want people’s potentially infected remote computers on our networks. Then there’s the added inconvenience of managing multi-platform VPN clients and potentially additional credentials.

However, most traditional IT people suggest that adding VPN would be safer.
It’s definitely an extra layer but given the issues I mention above, the minuses seem to outweigh the pluses.
How are people doing this? Anyone care to comment?


#2

MS RD Gateway was made for this. It accepts the incoming RDP connection over HTTPS/443 instead of the regular RDP TCP/UDP port(s) 3389, so incoming client traffic is encrypted.


#3

I used it too without VPN; however, I do use the setup below to add additional security:

  1. change the RDP default port from 3389 to something else
  2. enable the OS firewall and only allow connections from a certain range of IPs to limit exposure
  3. use a Live account to log in that is mapped to a local account
  4. I use an automated script to block IPs from unknown connection attempts, if any, or even if it is just an attempted port scan

Good Luck!
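
Items 2 and 4 in the post above (an allowed IP range plus automatic blocking of unknown sources) can be combined into one decision step. The following is an added example, not the poster's script: it reads failed-logon records (Windows event ID 4625) from a constructed CSV sample and returns the sources to block. The allowlist network, threshold, window, log layout and function names are all assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (not from the thread).
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # trusted range, never blocked
MAX_FAILURES = 3                  # failures within WINDOW that trigger a block
WINDOW = timedelta(minutes=10)

# Constructed sample, one record per line: timestamp,event_id,source_ip
SAMPLE_LOG = """\
2024-05-01T09:00:05,4625,203.0.113.7
2024-05-01T09:00:40,4625,203.0.113.7
2024-05-01T09:01:10,4625,203.0.113.7
2024-05-01T09:02:00,4625,198.51.100.23
2024-05-01T09:02:05,4625,198.51.100.23
2024-05-01T09:02:09,4625,198.51.100.23
2024-05-01T09:03:00,4624,192.0.2.50
2024-05-01T09:05:00,4625,192.0.2.99
2024-05-01T09:30:00,4625,192.0.2.99
2024-05-01T09:55:00,4625,192.0.2.99
2024-05-01T10:00:00,4625,not-an-ip
"""

def parse_failures(log_text):
    """Yield (time, ip) for failed logons (4625); skip other or malformed lines."""
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3 or parts[1] != "4625":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # bad timestamp or address: ignore rather than crash

def ips_to_block(log_text):
    """Return non-allowlisted IPs with >= MAX_FAILURES failures inside WINDOW."""
    recent = defaultdict(list)
    blocked = set()
    for ts, ip in sorted(parse_failures(log_text), key=lambda rec: rec[0]):
        if any(ip in net for net in ALLOWED_NETS):
            continue  # a user in the trusted range mistyping a password
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
        if len(recent[ip]) >= MAX_FAILURES:
            blocked.add(ip)
    return sorted(str(ip) for ip in blocked)

def firewall_rule(ip):
    """Render the Windows Firewall block rule for one address as a PowerShell command."""
    return (f'New-NetFirewallRule -DisplayName "Block {ip}" '
            f'-Direction Inbound -Action Block -RemoteAddress {ip}')
```

Checking the allowlist before counting failures keeps a legitimate user's typos from locking out the trusted range, and the sliding window keeps slow, spread-out failures from accumulating indefinitely.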