Re: RDP connection via dyndns

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

In message <hb2dnWuiaqAkQp7UnZ2dnUVZ_t3inZ2d@xxxxxxxxxxxxx> "Bill
Kearney" <wkearney99@xxxxxxxxxxx> was claimed to have wrote:

While I agree that VPNs can be a security risk, opening more ports through
the router for rdp can also be a a security risk. In this case where only
two ports are needed opening another port is probably the lesser risk. If
you wanted to rdp to several computers or even all computers on the
network then the VPN would be a better option. It's easier to manage one
VPN connection and leave all the workstations listening on the default rdp
port. Both options involve some risk. The risk can be managed.

I think you miss my point. Having even a dozen RDP ports open would only
mean RDP connections would be at risk. Opening a VPN would allow ALL
protocols through it.

No, the VPN only allows approved protocols/ports/whatever through it,
there is no need to provide a VPN user with a "default allow" policy.

I'd suggest using VPN, but once users VPN in, still only allow RDP
access to the internal machines. Aside from the security benefits, it
also allows a uniform configuration to be deployed across the board,
rather then opening ports pointing to individual end user machines and
potentially forgetting to remove said access down the road when an IP is
reassigned.

This is potentially a much greater risk. One with a
lot less logging to catch hacking attempts.

RDP's does have a lot less logging then a VPN, true enough, but you can
get the job done if you don't mind reviewing eventlogs on a dozen
different machines.

Maybe it's like opening a window versus a garage door. Even if you open a
dozen windows, it won't allow the same 'size' risk as a huge garage door.
Not exactly a perfect analogy, but close enough.

An apt analogy, given that the burglar can fit just as easily through a
window or a garage door. What do you think is easier to guard, a dozen
windows, or one well lit garage door?

.

Relevant Pages

  • Re: RDP connection via dyndns
    ... you to establish a VPN connection to the network then RDP to individual computers over the VPN connection. ... With multiple RDP ports you're limiting the connection to solely RDP connections. ...
    (microsoft.public.windows.server.networking)
  • Re: RDP connection via dyndns
    ... In this case where only two ports are needed opening another port is probably the lesser risk. ... If you wanted to rdp to several computers or even all computers on the network then the VPN would be a better option. ...
    (microsoft.public.windows.server.networking)
  • Re: RDP connection via dyndns
    ... In this case where only two ports are needed opening another port is probably the lesser risk. ... If you wanted to rdp to several computers or even all computers on the network then the VPN would be a better option. ...
    (microsoft.public.windows.server.networking)
  • Re: RDP connection via dyndns
    ... the router for rdp can also be a a security risk. ... In this case where only two ports are needed opening another port is probably the lesser risk. ... If you wanted to rdp to several computers or even all computers on the network then the VPN would be a better option. ...
    (microsoft.public.windows.server.networking)
  • Re: Ports needed
    ... VPN right now. ... With RWW and RDP I think our users are set. ... >> Can someone confirm that I have the right ports next to those services. ...
    (microsoft.public.windows.server.sbs)