Remote Desktop risks through VPN

  • Thread starter: Guest

At the moment we do not allow users to connect to their desktops via RDP when
they connect to the company network via VPN.

What risks are involved with allowing them? I know that the desktop admins
could snoop but what other risks are there?

Any help would be appreciated.
 
The risks are actually pretty minimal. The RDP protocol is encrypted, on top of your VPN connection. The worst that could happen is that users can map their local drives to the RD host. If they had a viral or other type of malware infection, it could possibly be spread that way, but since they're already VPN'd in, and probably have access to LAN resources, it's really a non-issue.
 
We set up medical companies with VPN to a firewall appliance and then a
rule that permits RDP to the specific user's desktop only. The users
authenticate with the firewall (which does not authenticate with the
Domain) and then they can open a RD connection to their workstation and
only to their workstation.

When in a RD session remotely, their desktop is locked, so other users
can't see what is happening on their computer, and it's been safe so
far.
 
We've done a couple of RD setups like this and I would have rather had them
do it with VNC.

With the current solution we do a VPN to the firewall appliance, the
firewall appliance has a single rule per VPN user that limits them to a
specific IP:PORT inside the company network. With VNC we were able to
eliminate the sharing of local computer files/services with the remote
computer files/services, but with RD we've not been able to restrict
this at the local computer's desktop level.

With users running as local Users they can't change the VNC passwords
and since it only needs a specific port, we don't have to worry about a
virus/compromised service on their home computer reaching the company
network as they don't ride the custom port we've set up.
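
The drive-mapping exposure raised in this thread is governed on the RDP host by the Terminal Services policy values in the registry. The following is an added example, not from any poster in the thread, that reports which redirection channels that policy leaves open; it assumes it is run in PowerShell on the Windows workstation being reached over RDP, and it reads only the Group Policy key, not per-listener settings.

```powershell
# Added example: audit the RDP host's device-redirection policy.
# For each value below, 1 means the channel is disabled by policy;
# a missing value or 0 means the client may use that channel.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$Channels = [ordered]@{
    fDisableCdm      = 'Drive redirection'
    fDisableClip     = 'Clipboard redirection'
    fDisableCpm      = 'Printer redirection'
    fDisableCcm      = 'COM port redirection'
    fDisableLPT      = 'LPT port redirection'
    fDisablePNPRedir = 'Plug and Play device redirection'
}

function Get-RdpRedirectionPolicy {
    param([string]$Key = $PolicyKey)

    # No policy key at all means nothing is configured, so every channel is open.
    $values = $null
    if (Test-Path $Key) { $values = Get-ItemProperty -Path $Key }

    foreach ($name in $Channels.Keys) {
        $raw = $null
        if ($values) { $raw = $values.$name }

        $setting = 'not configured'
        if ($null -ne $raw) { $setting = $raw }

        [pscustomobject]@{
            Channel = $Channels[$name]
            Value   = $name
            Setting = $setting
            Blocked = ($raw -eq 1)
        }
    }
}

$report = Get-RdpRedirectionPolicy
$report | Format-Table -AutoSize

# Flag the specific risk discussed above: client drives mapped into the session.
$drive = $report | Where-Object Value -eq 'fDisableCdm'
if (-not $drive.Blocked) {
    Write-Warning 'Drive redirection is not blocked by policy on this host.'
}
```

These values correspond to the "Device and Resource Redirection" settings under Remote Desktop Session Host in Group Policy, so a warning here means the restriction has to be applied through that policy rather than on the connecting client.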
 