Remoting into Server

jorrdn · 2021-11-01T15:00:41.000Z

Hello, I wanted to ask a question! What do all of you use to remote into your servers? I particularly don’t trust the Remote Desktop Protocol and wanted to see what everyone is using! I’ve seen a few people mention they use TeamViewer but is that really the best software for remoting into a local server?

Please let me know!

da-schmoo · 2021-11-01T15:04:05.000Z

RDP

If remote, RDP over a VPN connection.

titusovermyer · 2021-11-01T15:07:44.000Z

RDP is good for internal, it does not connect to anything external like a service like TeamViewer would. If you have less than 10 users that access the servers, you could use something like Duo to have 2FA to get on the servers if you’re worried about it…

adrian_ych · 2021-11-01T15:08:23.000Z

Jorrdn:

I particularly don’t trust the Remote Desktop Protocol …

Can you share more of that ???

Jorrdn:

…is that really the best software for remoting into a local server?

You are saying local server, does it mean the client machine is also on the same network as the server ?

Then what do you mean by server ? Physical server, VMs etc ??

Kenny8416 · 2021-11-01T15:08:36.000Z

First off, i’d avoid teamviewer like the plague - there’s a very long thread on here about their sharp business practices and keeness to pass customers on to debt collection agencies even if they only signed up for a trial.

Secondly, RDP is fine to use INTERNALLY, i.e. don’t be opening port 3389 to the internet.

We use a VPN tunnel to connect to our network, which has MFA enabled, then can RDP quite safely to the servers. For highly sensitive servers we can only connect to them via a “jump box server” which has a secondary MFA requirement to log on to

Personally I use mRemoteNG to manage all the connections, but Microsoft’s Remote Desktop Manager is OK too.

If you’re still not happy, then yes you could install one of many remote viewer utilities on the servers, but IMO that’s overkill and overcomplicating things, plus installing a potential additional security vulnerability on your server (there have been cases of remote viewers becoming compromised too)

jorrdn · 2021-11-01T15:09:43.000Z

Maybe DUO would ease my concerns with RDP. How’s the set up looking like? Just a simple install of DUO and editing access permissions?

kevinhsieh · 2021-11-01T15:15:48.000Z

As others have said, RDP is fine as long as it isn’t directly exposed to the Internet. RDP from an external location via VPN or RD Gateway (both with MFA or certificates) is also fine.
You should of course keep your clients and servers patched. RDP vulnerabilities aren’t that common, but they are found. The major concern with RDP from external locations is weak passwords/brute force/password reuse/password spray attacks.

tb33t · 2021-11-01T15:31:48.000Z

I’ve used RDCMan the past few years. A co-worker suggested I try MobaXterm and it’s got a lot of cool extra features if needed.

mark-splashtop · 2021-11-01T15:33:54.000Z

Over 200k businesses use Splashtop to remote manage computers. Splashtop supports 2FA and device authentication, with optional SSO/SAML2 integration (AD, ADFS, Okta, etc.). All traffic are encrypted. Our customers include Toyota, FedEx, UPS, Marriott, Disney, Apple, Target, Harvard, Stanford, MIT, USC, federal and state governments, financials, etc… There are many manageability knobs you can turn with Splashtop, including audit trails, grouping with granular access control, reporting / compliance, etc.

All endpoints and cloud infrastructure are automatically updated (unlike VPNs and RD Gateway which requires manual update and patches). Splashtop invests millions every year on security pentesting and monitoring of our solution.

If you do not want to install Splashtop agent on these servers, Splashtop has a “Connector” that can bridge to RDP / RDS / RemoteApp services as well.

@Splashtop

WiseOldelf · 2021-11-01T15:36:41.000Z

RDP. If remote, RDP through VPN.

jimmersbj · 2021-11-01T16:42:52.000Z

RDP if on the network, either in the office or over a VPN. Never open up port 3389 to the outside world. This may be what is tripping you up vis a vis RDP.

donovanmoretz6276 · 2021-11-01T17:00:04.000Z

All my servers, save one, are VM’s, so I just use the VMWare console.

The lone server (failover dhcp and dns) I just use RDP, as long as the RDP port isn’t open to the internet, it’s fine. You can also lock it down even more by specifying which users can connect.

robertpeets · 2021-11-01T17:32:12.000Z

I’ve used Teamviewer in the past and it worked well until updates started denying me access. I now use Cloudberry Remote Desktop, it works well and the price is right. Free.

In house I just use RDP.

ZebraMike · 2021-11-01T19:31:35.000Z

RDP over VPN, as well as Comodo One, remote agent, no external ports open on 3389, that is a great way to get ransomware…

jacob93397035 · 2021-11-01T19:45:27.000Z

We use RDP and Hyper-V to access servers locally. We use Splashtop with built in 2FA to access remotely. I’d definitely look at Splashtop as opposed to TeamViewer for pricing reasons alone.

tonyflint3525 · 2021-11-02T09:40:44.000Z

I use two tools: SimpleHelp ( www.simple-help.com ) and Splashtop via my RMM. Both have been rock solid for over-the-internet access. For internal use, it’s RDP and UVNC. I always have two remote access methods enabled, as one can fail.

Carl-Holzhauer · 2021-11-02T10:46:10.000Z

RDP. Simple, secure.

chivo243 · 2021-11-02T11:04:23.000Z

As others have noted, Remote starts with VPN, then RDP. In the past I have used nomachine nomachine.com Platform agnostic, and free!

test4echo · 2021-11-02T11:07:24.000Z

For anything on the same internal network, RDP. If I were remote and needing to access, I’d use a VPN then RDP. Horror stories of RDP being used to attack systems are almost exclusively from companies asking for it because they decided to be cute and open port 3389 to the internet.

wcrorlando · 2021-11-02T11:24:35.000Z

Netextender and Sonicwall mobile remote access appliance - encrypted RDP