Securing RDP sessions
-
A client is moving their hardware to a data center. I would like to secure the RDP sessions. Right now there are about 50 RDP users that login over the internet. I have seen people posting about using Petrino and RDP together. Is there anything else I need?
-
Pertino will handle all of the securing of the RDP if Pertinos approach works for you. It's a full mesh, no open ports VPN so it covers a lot of bases there.
-
So by using Pertino, I would not need a hardware VPN? And how vulnerable is RDP without VPN?
-
RDP is a medium risk. It's secure but not super secure. The attacks aren't in the channel but on the setup of the connection.
There are definitely cases where you would not further secure it. But it is generally recommended to do something more. I tend to lean to the "less secure" approach for SMBs because they don't get targeted attacks. But you will be attacked big time on the open ports.
-
@technobabble said:
So by using Pertino, I would not need a hardware VPN?
Correct. Pertino is a full VPN on its own. No need for hardware. It's a full mesh and has no need of hardware. Hardware is for when you do an aggregator rather than a mesh.
-
40 of the users are contracted workers or doctors offices, would that sway you to add Pertino?
-
@technobabble said:
40 of the users are contracted workers or doctors offices, would that sway you to add Pertino?
Depends on your architectural goals long term. But Pertino is nice in a situation like that because it is so easy to disable machines once they are no longer needed. Outside workers can manage their own connections but you get a central web console so that you can check on who has access, who is online, etc.
-
What are the users RDPing into, exactly?
-
Server desktops to use a Medical Billing program and scheduler.
-
@technobabble said:
Server desktops to use a Medical Billing program and scheduler.
I would probably want to secure that a bit. Pertino or OpenVPN or whatever is a pretty minimal cost and effort for a lot of peace of mind.
-
Thanks @scottalanmiller and others. I will add it to my list of must haves for this client.
-
SAM hit the nail on the head. We can secure the RDP sessions for you. The management console should make it easier to manage contractor sessions, especially compared to port-forwarding/opening for RDP or even traditional VPN.
If you haven't set up a Pertino network yet, definitely check it out. I'd want to make sure the topology matches what you had in mind. If you have any additional questions, you can get me at jgrose@pertino.com.
Thanks guys,
Josh
-
@technobabble said:
Server desktops to use a Medical Billing program and scheduler.
Are they servers, or are they desktops? Is it a 1:1 ratio VMs to users, or is it shared, like RDS?
-
@Nara
RDS -
You could put Pertino only on the RDS server and on the machines that connect to it. Very simple setup.
-
@technobabble said:
@Nara
RDSIn that case, why not an RDS Gateway? Combine it with RD Web Access, and you have an easy portal for users to access their RDS sessions with while still keeping things secure.