Friday, April 3, 2020
There's a lot of confusion when it comes to accessing your remote desktop from home. It's been a hard transition for many companies to say the least. On one hand, you want to get your workers set up to work from home as fast as possible. On the other hand, you want to make sure it's (a) reliable and (b) not vulnerable to attacks.
There can be a lot of misinformation out there on what type of remote desktop software to use. Should you use Microsoft's Remote Desktop Services or software like GoToMyPC and LogMeIn?
Some claim that Microsoft's Remote Desktop Services is unsafe to use: that it's too easy to leave your network vulnerable, and that you have to have it configured correctly.
This is like saying that flying is dangerous and that you should never fly because it's complicated. The fact of the matter is, flying is the best way to get from point A to point B.
Likewise, if you're looking for a fully secure remote work setup, Microsoft's Remote Desktop Services is the way to go. How so?
RDS creates a small pipe between whatever client/endpoint you have and connects you to a server. That server is running multiple desktops. Some of these servers can run 100s of people at once and they're all using the same desktop.
It's great because you have one desktop computer to manage for the entire company, and all software is on that one computer. You make a change in one place vs. 100 different workstations.
The biggest mistake people make with RDS is that they don't have a gateway appliance or gateway security in front of the remote desktop. Even when they do, they're hanging the server raw over the internet.
They're plugging that remote desktop server straight into the internet. There's nothing: no filter, no security. They're left completely vulnerable to hackers.
The first thing a company needs is a good firewall. Once you have that in place, you block all of that external access. Now the public internet can't touch that server at all. They can knock on that door and nobody will answer.
A proper RDS environment works like this:
1. Users connect to the VPN, which gets them into the corporate network.
2. Once they're in, we put security rules inside the firewall. Then, they are still required to log into the RDS environment as well. This gives you 2-factor authentication, two layers of protection.
3. The endpoints that connect to the VPN and RDS environment need to be company-controlled assets. The company needs full control and monitoring of these devices. The end user and the device they enter the network from are the weakest link in the security chain. The company has to be in control of these devices and make sure they have business-level antivirus/malware and web filtering in place. This way the company knows that the end-user device is as secure as it can be before it enters the company network. Having an uncontrolled, unprotected endpoint entering the network is a huge security issue.
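One way to audit a firewall rule export against the design above, as an added example that is not from the original post: it flags any allow rule that lets a source outside the VPN subnet reach RDP. The rule format, the 10.8.0.0/24 VPN subnet, first-match evaluation with an implicit default deny, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listener port

# Constructed sample data (assumptions, not taken from the post).
VPN_SUBNET = "10.8.0.0/24"
RULES_EXPOSED = [  # the "server hung raw over the internet" case
    {"action": "allow", "src": "0.0.0.0/0", "port": 3389},
]
RULES_VPN_ONLY = [  # the layout the post recommends
    {"action": "allow", "src": "10.8.0.0/24", "port": 3389},
    {"action": "deny", "src": "0.0.0.0/0", "port": None},  # None = any port
]
RULES_MISORDERED = [  # a broad allow placed ahead of the deny
    {"action": "allow", "src": "10.8.0.0/24", "port": 3389},
    {"action": "allow", "src": "203.0.113.0/24", "port": None},
    {"action": "deny", "src": "0.0.0.0/0", "port": None},
]


def _within(inner, outer):
    """True if every address in `inner` is also in `outer`."""
    return inner.version == outer.version and inner.subnet_of(outer)


def rdp_exposures(rules, vpn_subnet=VPN_SUBNET):
    """Return (index, source) for each allow rule that lets a non-VPN
    source reach RDP. Rules are read top-down, first match wins."""
    vpn = ipaddress.ip_network(vpn_subnet)
    earlier_denies = []
    findings = []
    for index, rule in enumerate(rules):
        if rule["port"] not in (RDP_PORT, None):
            continue  # rule does not cover the RDP port
        src = ipaddress.ip_network(rule["src"])
        if rule["action"] == "deny":
            earlier_denies.append(src)
        elif _within(src, vpn):
            continue  # only VPN clients can match this allow
        elif any(_within(src, deny) for deny in earlier_denies):
            continue  # fully shadowed by a deny that matches first
        else:
            findings.append((index, rule["src"]))
    return findings


if __name__ == "__main__":
    for name in ("RULES_EXPOSED", "RULES_VPN_ONLY", "RULES_MISORDERED"):
        print(name, rdp_exposures(globals()[name]))
```

An empty result means every path to port 3389 in the rule set starts from the VPN subnet; any finding is a rule to tighten or move below the deny.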
GoToMeeting or LogMeIn have agents on the remote device, whether it's a PC or a server. That agent is calling home across the public internet. It's always waiting for a connection and it's bypassing the firewall. You just bypassed all of your security rules.
They give you root access. RDS knows you're not sitting in front of the computer, so it restricts what you're able to do (i.e. enhanced security).
We will never hang a remote desktop server across the open internet without a VPN network. It's NOT secure!
If you need help configuring and setting up Microsoft RDS, contact us today! We'd be happy to help!