2

I have a multitude of users that are requesting the ability to RDP from other workstations, on the same network, to their specific desktop computers. I would like to know what the risks of this are and reasons why this should not be granted.

  • How are you denying RDP access inside the same network? Do you have a centralized firewall policy enforced on all workstations? Seems like a bit too paranoid for me, probably it is harmless. – Paulo Scardine Jul 23 '15 at 01:49

1 Answer

2

Without knowing more about your company's network layout, business model, physical access restrictions, etc... it is hard to give more than general guidance.

RDP has been known to have remote execution vulnerabilities. RDP can also facilitate password attacks. So you can't look at running RDP as risk-free. It is not unheard of for companies to restrict RDP access (see this question and its answer). That said, many companies also allow or even encourage the use of RDP.

The risk of the situation increases quickly if you are allowing users to RDP from non-secured, non-corporate machines. Say there is a BYOD policy or users are VPNing from outside of the company. The problem there is that you can't really trust that the RDP client is secure. But it sounds like they are trying to RDP from other corporate machines in your case.

Neil Smithline
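As an added example (not part of the answer above), this Python check reviews RDP logon records for the two risks the answer names: sessions arriving from non-corporate sources and repeated failed logons that suggest password attacks. The corporate subnet, the failure threshold, the record layout and all function names are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: the address ranges that count as corporate workstations.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
FAILED_THRESHOLD = 5  # assumption: failed logons per source before flagging

# Constructed sample records, shaped like fields exported from the Windows
# Security log: 4624 = successful logon, 4625 = failed logon,
# LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = (
    [{"event_id": 4624, "logon_type": 10, "source_ip": "10.20.4.17", "user": "alice"},
     {"event_id": 4624, "logon_type": 10, "source_ip": "192.168.1.50", "user": "bob"},
     {"event_id": 4624, "logon_type": 2, "source_ip": "-", "user": "carol"}]
    + [{"event_id": 4625, "logon_type": 10, "source_ip": "10.20.9.9", "user": "admin"}] * 6
    + [{"event_id": 4625, "logon_type": 10, "source_ip": "10.20.4.17", "user": "alice"}] * 2
)

def is_corporate(ip_text):
    """True if the address parses and falls inside a corporate range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # "-" or malformed values are treated as untrusted
    return any(ip in net for net in CORPORATE_NETS)

def review_rdp_events(events):
    """Return (non_corporate_logons, password_attack_sources)."""
    rdp = [e for e in events if e["logon_type"] == 10]
    # Successful RDP sessions whose client is outside the corporate ranges.
    outside = sorted({(e["source_ip"], e["user"]) for e in rdp
                      if e["event_id"] == 4624 and not is_corporate(e["source_ip"])})
    # Sources with enough failed RDP logons to look like password guessing.
    failures = Counter(e["source_ip"] for e in rdp if e["event_id"] == 4625)
    noisy = sorted(ip for ip, n in failures.items() if n >= FAILED_THRESHOLD)
    return outside, noisy

if __name__ == "__main__":
    outside, noisy = review_rdp_events(SAMPLE_EVENTS)
    print("RDP logons from non-corporate sources:", outside)
    print("Sources with repeated failed RDP logons:", noisy)
```

Note that the second finding in the sample comes from an address inside the corporate range, so scoping RDP to corporate machines does not remove the need to watch for failed logons.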