Is it secure to run Remote Desktop Web Access without VPN?

By Working IT ·
Currently remote users need to establish Cisco VPN connections before connecting to a Windows 2008 R2 Remote Desktop Server using Remote Desktop Connections. Within the server, they only need to run a corp. application, print to local printers, and do some basic functionality like word and spreadsheet processing. If I have Remote Desktop Web Access setup under SSL, can I eliminate the Cisco VPN and retain the same level of security?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

No you can not

by OH Smeg Moderator In reply to Is it secure to run Remot ...

It's as simple as that.

Collapse -

Reponse To Answer

by Working IT In reply to No you can not

Even if the RD Web Access is running under SSL?

Collapse -

Reponse To Answer

by OH Smeg Moderator In reply to No you can not

Doesn't matter what you have running.

The data transfer is still open to anyone not to mention a possible connection to the server without the VPN.

With the VPN the Data is not available to be monitored/changed and the server is isolated.


Collapse -

Not true at all!

by SMB5657 In reply to Is it secure to run Remot ...

If running RD Web access under SSL you are encrypting your data stream and yes it is secure. If not every Citrix and View connection currently in use today across millions of workstations would be vulnerable. Now OH Smeg is correct when he states you are opening your web site servicing the SSL to the Internet and we all know what can happen if the site is not managed with an eye towards security.

Collapse -

Reponse To Answer

by Working IT In reply to Not true at all!

Thank you for your answer. I was wondering the same thing about Citrix and other websites that are running https, too.

Collapse -

And from a pure 'risk' hacking standpoint

by robo_dev In reply to Is it secure to run Remot ...

The Cisco VPN solution is a EAL4 certified IPSEC VPN, and while there are some hacking apps that 'poke around the edges' like IKESCAN, I have not seen any real scary vulnerabilities, exploits, or patches that call into doubt the security of this approach. It is, for all intents and purposes, foolproof.

While Windows 2008, if configured 100% correctly, has met EAL4 targets, there are two issues:

One is that it's VERY easy to misconfigure it and leave it insecure.
The other is that there are lots of scary vulns, exploits, and a whole sea of patches to keep it secure.

CAN a Windows RDP connection be as secure as a Cisco VPN?

Well, sorta, if the admin is really good, configures everything perfectly, uses strong passwords, keeps everything patched, monitors the firewall and connection logs, has a good firewall, etc, etc.

So the first poster who said 'NO' is correct, and the second poster who said 'YES' is also correct.

Collapse -

Reponse To Answer

by Working IT In reply to And from a pure 'risk' ha ...

Thank you for your answer. I like your saying about "if configured 100% correctly". I agree. It is difficult to keep Windows up-to-date at all time. I am planning to keep both options (VPN and RDP) open. VPN will be used for mobile users. RDP will be locked down for remote offices with static IP only.

Related Discussions

Related Forums