Suppose a client wants to directly connect to Terminal Server exposed to the Internet, without a VPN, ... what software & settings is needed to properly protect against WiFi based attacks? (assume MITM is possible, and multiple client platforms are permitted)
Background Information
VPN-less RDP is common not only in branch offices, but is also frequently used with cloud-hosted servers. Given that RDP is the default mechanism to administer IaaS and PaaS solutions I'm trying to estimate the probility that an untrained administrator may connect to these hosts without the necessary security controls in place.
I'm interested in information on how to properly configure a server and any additional software required for a PC, OSX, and possibly Linux.