Security with Citrix, Microsoft Rdp server, other rdp server (1 Viewer)

[amorosik]

It often happens that you read that for an RDP server there are far greater security problems than for other systems for remotely accessing centralized resources on a single machine
So let's suppose that you have your procedure created with Access and it is necessary to allow its use also by personnel geographically distant from the company headquarters, where the information systems are physically resident
I see that many within this forum write about Citrix or Microsoft's RDP server
I would therefore like to ask if you have had problems related to unauthorized access, possible intrusions, and general problems related to access security since, on the company headquarters side, it will be necessary to expose the ports necessary for connection from remote operators directly on the internet

 

[tvanstiphout]

Some have said the RDP protocol is vulnerable. I don't know, but it is NO PROBLEM if you first start a VPN, then use RDP on top of that.

 

[Pat Hartman]

Security is the responsibility of my client's IT team. I am an Access developer. I know enough about what they need to set up to give basic directions. The clients these days prefer to not set up a remote desktop. That is inconvenient for me if I need to do testing but fine for the normal operation of the application. So, when the user double clicks on his app Icon, it opens a separate Citrix session that only runs the Access app. He can't browse files or open word or send email. He cannot do anything through this "window" that my application does not allow him to do. So, I guess if I don't allow him to run wild and delete files on the network, he can't use this "window" to do it.

No one has ever reported a problem to me. My clients don't use VPN's

 

[CompSMART]

I have been using RDP since first experimenting with it in the early 1990's. Back then (if I remember correctly) it was introduced by Microsoft primarily as a way for server admins to remote manage Windows Servers (which were also new at the time). Originally named Terminal Services, the technology ultimately migrated to the Windows desktop OS and became know by the protocol it used: remote desktop. In the early days, we didn't give security a lot of concern and would simply set the RDP port on the host workstation to a very high number (we'd often start at 45000) to stay well outside of port scanners looking for the standard RDP port of 3389 and map ports in the router accordingly. Of course, over time, security would become more and more of a concern and connecting to RDP hosts over an established VPN connection to the host network became preferred.

If your remote users don't have a way to make a VPN connection to the host network:
Set up an account on ZeroTier (it's free) and install the ZeroTier client on both host/remote workstations. You can tighten-up security on your ZeroTier mesh network by limiting traffic on it to ONLY RDP traffic.

Once your users either have a VPN connection to the host network OR are on a ZeroTier mesh network:
Set up a free account at Duo Security (it's free with some minor limitations). Add your remote users to your Duo Security account (you'll be adding their mobile or land/VOIP phone numbers as part of their user config and I suggest you add a network admins phone number as a backup as well) and have the users install the Duo Security app on their cell phones. Install the Duo Security client on the host workstations. After configured properly, when your remote users attempt to make an RDP connection to their host, they will be intercepted by the Duo Security client (before the OS login) which will force them to authorize the RDP connection via their cell phone's Duo Security app or authorize via an actual phone call to any of the land/VOIP numbers you configured during the user setup.

I find the above both very reliable and more than secure enough for my needs.