So we support this company that has a RDS farm with 7 servers plus 1 broker. The broker is setup with a public IP address and domain name. Clients are simply using Microsoft's RDP to access the farm over 3389. Lately there has been a lot of failed logons on the broker from foreign IP addresses. Another company manages their Juniper firewall. We find out that all ports were open to the public and have him close all ports but 3389.
I know having 3389 open to the public is not a recommended. Although, how much damage can be done by leaving 3389 open?
What are better options for using RDS from any location? I was thinking of RDS Web Access. Have clients log into a secure website and launch RDP from there. At least that is a free solution. The other option I was thinking was having clients use SSL VPN.
What do you guys think?
I know having 3389 open to the public is not a recommended. Although, how much damage can be done by leaving 3389 open?
What are better options for using RDS from any location? I was thinking of RDS Web Access. Have clients log into a secure website and launch RDP from there. At least that is a free solution. The other option I was thinking was having clients use SSL VPN.
What do you guys think?