Is RDP viable practice for LAN remote session?
-
Is RDP viable practice for LAN remote session? I know RDP is a big NO over internet, but is it a good security practice to use RDP in LAN? Jumping from one server to another using RDP is quick and easy.
-
Microsoft would disagree with your "big no." They publish their Windows VMs directly on the internet with RDP.
Of course, that said - all the flaws found in it recently definitely seem to make it feel more risky. I suppose it's more risky than SSH because it's not open source, fewer people can put eyes on it to verify how good the coding is...
As for internal - I still use it regularly.
-
The problem with RDP is that you cannot share the session with your end user. You can use remote session onsite but it is buggy. You might be better to use MeshCentral, ConnectWise, Splashtop, Zoho Remote, Bomgar and other options.
-
What is the use case for you, @AshKetchum?
-
@AshKetchum said in Is RDP viable practice for LAN remote session?:
Is RDP viable practice for LAN remote session? I know RDP is a big NO over internet, but is it a good security practice to use RDP in LAN? Jumping from one server to another using RDP is quick and easy.
Perfectly acceptable to use. That's its entire purpose.
-
@AshKetchum said in Is RDP viable practice for LAN remote session?:
Jumping from one server to another using RDP is quick and easy.
Ties up licenses and stuff. Unnecessarily slow and complicated compared to other tools. Nothing wrong with it from a security or technical standpoint, but that sounds like a slow, complex approach.
-
@AshKetchum said in Is RDP viable practice for LAN remote session?:
I know RDP is a big NO over internet, but is it a good security practice to use RDP in LAN?
This is actually a myth. The real "no no" is more complex and has to do with connecting internal user accounts to outside access directly. But people don't understand that stuff, so to simplify it they say "RDP is bad or insecure" when what they actually mean is "how most people assume you'd expose it to the Internet is a bad approach" but they can't explain why and they just know that they can't figure out how to publish it usefully.
-
@AshKetchum said in Is RDP viable practice for LAN remote session?:
Is RDP viable practice for LAN remote session? I know RDP is a big NO over internet, but is it a good security practice to use RDP in LAN? Jumping from one server to another using RDP is quick and easy.
Curious - What OS are you going to use this for?
-
When RD Gateway is set up and 2FA (2 Factor Authentication) is in place, access to a Remote Desktop endpoint, whether RemoteApp, Session Host desktop, or VDI desktop OS, is as secure as the human using it.
We have plenty of RD Farms out there both in client internal and multi-tenant setups.
There's no exposing an RDP Listener to the Internet on any port. That's just bad.
There are some internal LAN side advantages:
- Single Sign-On gives users a seamless experience from their corporate desktop
- RemoteApp RSS publishing via Group Policy makes security group delimited publishing simple
- Collection Publishing can be delimited based on Security Groups (great for licensing compliance)
Internally or externally, Group Policy locks things down for security and access purposes as well as for mitigating a Ransomware errant user click.
-
@PhlipElder said in Is RDP viable practice for LAN remote session?:
When RD Gateway is set up and 2FA (2 Factor Authentication) is in place, access to a Remote Desktop endpoint, whether RemoteApp, Session Host desktop, or VDI desktop OS, is as secure as the human using it.
With TLS.
-
@Dashrender said in Is RDP viable practice for LAN remote session?:
@AshKetchum said in Is RDP viable practice for LAN remote session?:
Is RDP viable practice for LAN remote session? I know RDP is a big NO over internet, but is it a good security practice to use RDP in LAN? Jumping from one server to another using RDP is quick and easy.
Curious - What OS are you going to use this for?
This is for use on the LAN. Really any reasonable use case is just fine.