2

My company uses RemoteApp to provide a "cloud edition" of our desktop software.

The RDP port has been changed from default, and we run RDP Shield, which blocks the IP address after 5 failed login attempts.

Each customer has their own Windows user account on the server they are hosted on (Windows Server 2016). Security software whitelists the programs that can run from their account etc.

I can see that Brute force attacks would be far more difficult due to lockouts, as they would require an endless supply of IP addresses.

But are there other login vulnerabilities that are present, that wouldn't be present if we used an RD Gateway to log in?

I see RD Gateway always recommended, but can't see a clear advantage over firewall based blocking using RD Shield.

Is TLS inherently more secure than RDP's encryption?

Tldr.

Does an IP lockout policy prevent most public RDP attacks?

Kyohei Kaneko
  • 121
  • 2
  • I don't think an auditor would go for an internet-facing RDP server, default port or not. – Greg Askew May 11 '21 at 21:42
  • Do you mean even when accessed via an RD Gateway? – Kyohei Kaneko May 12 '21 at 12:14
  • No an RDG uses https, it doen't expose RDP to the Internet. – Greg Askew May 12 '21 at 12:27
  • That's what I thought. But my question is really, What makes Https more secure than RDP, considering both use encryption? – Kyohei Kaneko May 12 '21 at 17:42
  • I'm not sure I would describe it as more/less secure. There are several known security vulnerabilities in RDP. All are addressed if a system is up to date. However, given the number of these vulnerabilities that were discovered in the past few years, it's not inconceivable there will be others. HTTPS is simpler and more well known. – Greg Askew May 12 '21 at 20:36

0 Answers0