Questions

Is it secure to run Remote Desktop Web Access without VPN?

Tags:
+
0 Votes
Locked

Is it secure to run Remote Desktop Web Access without VPN?

Working IT
Currently remote users need to establish Cisco VPN connections before connecting to a Windows 2008 R2 Remote Desktop Server using Remote Desktop Connections. Within the server, they only need to run a corp. application, print to local printers, and do some basic functionality like word and spreadsheet processing. If I have Remote Desktop Web Access setup under SSL, can I eliminate the Cisco VPN and retain the same level of security?
  • +
    0 Votes
    OH Smeg

    It's as simple as that.

    +
    0 Votes
    Working IT

    Even if the RD Web Access is running under SSL?

    +
    0 Votes
    OH Smeg

    Doesn't matter what you have running.

    The data transfer is still open to anyone not to mention a possible connection to the server without the VPN.

    With the VPN the Data is not available to be monitored/changed and the server is isolated.

    Col

    +
    1 Votes
    SMB5657

    If running RD Web access under SSL you are encrypting your data stream and yes it is secure. If not every Citrix and View connection currently in use today across millions of workstations would be vulnerable. Now OH Smeg is correct when he states you are opening your web site servicing the SSL to the Internet and we all know what can happen if the site is not managed with an eye towards security.

    +
    0 Votes
    Working IT

    Thank you for your answer. I was wondering the same thing about Citrix and other websites that are running https, too.

    +
    2 Votes
    robo_dev

    The Cisco VPN solution is a EAL4 certified IPSEC VPN, and while there are some hacking apps that 'poke around the edges' like IKESCAN, I have not seen any real scary vulnerabilities, exploits, or patches that call into doubt the security of this approach. It is, for all intents and purposes, foolproof.

    While Windows 2008, if configured 100% correctly, has met EAL4 targets, there are two issues:

    One is that it's VERY easy to misconfigure it and leave it insecure.
    The other is that there are lots of scary vulns, exploits, and a whole sea of patches to keep it secure.

    CAN a Windows RDP connection be as secure as a Cisco VPN?

    Well, sorta, if the admin is really good, configures everything perfectly, uses strong passwords, keeps everything patched, monitors the firewall and connection logs, has a good firewall, etc, etc.

    So the first poster who said 'NO' is correct, and the second poster who said 'YES' is also correct.

    +
    0 Votes
    Working IT

    Thank you for your answer. I like your saying about "if configured 100% correctly". I agree. It is difficult to keep Windows up-to-date at all time. I am planning to keep both options (VPN and RDP) open. VPN will be used for mobile users. RDP will be locked down for remote offices with static IP only.

  • +
    0 Votes
    OH Smeg

    It's as simple as that.

    +
    0 Votes
    Working IT

    Even if the RD Web Access is running under SSL?

    +
    0 Votes
    OH Smeg

    Doesn't matter what you have running.

    The data transfer is still open to anyone not to mention a possible connection to the server without the VPN.

    With the VPN the Data is not available to be monitored/changed and the server is isolated.

    Col

    +
    1 Votes
    SMB5657

    If running RD Web access under SSL you are encrypting your data stream and yes it is secure. If not every Citrix and View connection currently in use today across millions of workstations would be vulnerable. Now OH Smeg is correct when he states you are opening your web site servicing the SSL to the Internet and we all know what can happen if the site is not managed with an eye towards security.

    +
    0 Votes
    Working IT

    Thank you for your answer. I was wondering the same thing about Citrix and other websites that are running https, too.

    +
    2 Votes
    robo_dev

    The Cisco VPN solution is a EAL4 certified IPSEC VPN, and while there are some hacking apps that 'poke around the edges' like IKESCAN, I have not seen any real scary vulnerabilities, exploits, or patches that call into doubt the security of this approach. It is, for all intents and purposes, foolproof.

    While Windows 2008, if configured 100% correctly, has met EAL4 targets, there are two issues:

    One is that it's VERY easy to misconfigure it and leave it insecure.
    The other is that there are lots of scary vulns, exploits, and a whole sea of patches to keep it secure.

    CAN a Windows RDP connection be as secure as a Cisco VPN?

    Well, sorta, if the admin is really good, configures everything perfectly, uses strong passwords, keeps everything patched, monitors the firewall and connection logs, has a good firewall, etc, etc.

    So the first poster who said 'NO' is correct, and the second poster who said 'YES' is also correct.

    +
    0 Votes
    Working IT

    Thank you for your answer. I like your saying about "if configured 100% correctly". I agree. It is difficult to keep Windows up-to-date at all time. I am planning to keep both options (VPN and RDP) open. VPN will be used for mobile users. RDP will be locked down for remote offices with static IP only.