Question by gregleftwich (https://community.spiceworks.com/u/gregleftwich), posted 2016-12-09T13:20:18.000Z. Upvotes: 3. Answers: 11.
https://community.spiceworks.com/t/remote-desktop-gateway-or-rd-broker/545968/1

It was recommended to us by an IT consultant that we have to switch our remote workers / work from home workers over to using a RD Gateway to secure the connection rather than the VPN we have currently been using.

The reason for this is that the VPN gets a lot of complaints regarding connections dropping intermittently. 90% of the time it works fine, but for some reason at certain clients it drops the RD connection quite frequently. (according to user reports)

So I guess the way it works is that the RD connections connect to the broker / gateway first, and that in turn connects them to the Terminal Server.

My question is about the security of this setup. I have been looking for information about it and don’t seem to be able to find what I am looking for. So… if anyone can answer or link information regarding the following it would be greatly appreciated.

1. Is it secure to use RDP across public internet without a VPN, using a RD Gateway / broker setup? If not why isn’t it or vice versa if it is.

That is the most important question but these others I’m also interested in:

2. Is it secure to use RDP across public internet period? Without the broker / gateway. If it’s not, why isn’t it?
3. What does the broker / RD gateway do to secure the connection further than just regular RDP setup?
4. What type of encryption does RDP use?
5. Is there a better way to do this? Have users work from home by accessing a terminal server.

Thanks in advance

Accepted answer by koreymckinley (https://community.spiceworks.com/u/koreymckinley), posted 2016-12-09T14:51:59.000Z. Upvotes: 1.
https://community.spiceworks.com/t/remote-desktop-gateway-or-rd-broker/545968/2

RD Gateway is over HTTPS and is much more secure than just RDP over Public Internet because of the encryption obviously, but also because once they connect to the gateway, they have to know where to go from there instead of port 3389 mapped directly to the server you are RDPing to, unless you're using a VPN then RDP which is not working for you either.

Anyone can attempt to brute force the common 3389 port that's mapped directly to your server, which is not exposed with RD Gateway.

RD Gateway is highly preferred over RDP mapped directly to the server. I prefer it as well over RDP over a VPN because of the inherent slowness of the VPN and the same issues that you are seeing with it.

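The brute-force exposure of a directly mapped port 3389 described in the accepted answer shows up in the server's Security log as bursts of failed logons. The following is an added example, not part of the thread: it flags source addresses with repeated event ID 4625 failures (logon types 3 and 10) inside a sliding window. The sample events, thresholds, and the names `_ev` and `find_bruteforce_sources` are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types seen for RDP failures in Security event 4625:
# 3 = Network (NLA pre-authentication), 10 = RemoteInteractive.
RDP_LOGON_TYPES = {3, 10}
T0 = datetime(2016, 12, 9, 13, 0, 0)  # constructed start time


def _ev(offset_s, event_id, logon_type, ip, user):
    """Build one constructed event tuple (hypothetical helper)."""
    return (T0 + timedelta(seconds=offset_s), event_id, logon_type, ip, user)


# Constructed sample data; addresses are documentation-range placeholders.
SAMPLE_EVENTS = (
    # Rapid guessing against many account names.
    [_ev(10 * i, 4625, 3, "203.0.113.50", f"admin{i}") for i in range(8)]
    # A user who mistypes once every 30 minutes.
    + [_ev(1800 * i, 4625, 10, "192.0.2.10", "jsmith") for i in range(5)]
    # Two typos followed by a successful logon (4624).
    + [_ev(30, 4625, 10, "198.51.100.7", "mjones"),
       _ev(60, 4625, 10, "198.51.100.7", "mjones"),
       _ev(90, 4624, 10, "198.51.100.7", "mjones")]
)


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: peak count} for IPs reaching `threshold` failed
    RDP-style logons inside any sliding `window`."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, event_id, logon_type, ip, _user in sorted(events, key=lambda e: e[0]):
        if event_id != 4625 or logon_type not in RDP_LOGON_TYPES:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, count in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: {count} failed logons within 5 minutes")
```
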
Reply by gregleftwich (https://community.spiceworks.com/u/gregleftwich), posted 2016-12-09T15:02:42.000Z. Upvotes: 0.
https://community.spiceworks.com/t/remote-desktop-gateway-or-rd-broker/545968/3

Excellent, that’s what I wanted to know! Thank you so much for the answer. I’ll give it a little time before I mark best answers just so others have a chance to reply.

One thing that leaves me wondering is… which is more secure, a WANGroup VPN setup with AES-128/HMAC SHA1 (IKE) or the RD Gateway setup?

Reply by koreymckinley (https://community.spiceworks.com/u/koreymckinley), posted 2016-12-09T15:06:25.000Z. Upvotes: 1.
https://community.spiceworks.com/t/remote-desktop-gateway-or-rd-broker/545968/4

Considering SHA1 is generally regarded as not secure anymore, I would think the RD Gateway Setup with a SHA2 or higher SSL certificate would be better.

Reply by gregleftwich (https://community.spiceworks.com/u/gregleftwich), posted 2016-12-09T15:09:05.000Z. Upvotes: 0.
https://community.spiceworks.com/t/remote-desktop-gateway-or-rd-broker/545968/5

Okay awesome. So it looks like we made the right move then. Thanks again.