Answer for:

Is it secure to run Remote Desktop Web Access without VPN?

Message 9 of 8

View entire thread
2 Votes

The Cisco VPN solution is a EAL4 certified IPSEC VPN, and while there are some hacking apps that 'poke around the edges' like IKESCAN, I have not seen any real scary vulnerabilities, exploits, or patches that call into doubt the security of this approach. It is, for all intents and purposes, foolproof.

While Windows 2008, if configured 100% correctly, has met EAL4 targets, there are two issues:

One is that it's VERY easy to misconfigure it and leave it insecure.
The other is that there are lots of scary vulns, exploits, and a whole sea of patches to keep it secure.

CAN a Windows RDP connection be as secure as a Cisco VPN?

Well, sorta, if the admin is really good, configures everything perfectly, uses strong passwords, keeps everything patched, monitors the firewall and connection logs, has a good firewall, etc, etc.

So the first poster who said 'NO' is correct, and the second poster who said 'YES' is also correct.