RDP through VPN. Am I doing something dangerous?

Silenus

When I am at home I sometimes need to connect to my computer at work. Both machines run Windows 7 and we have a Netgear FVS338 VPN firewall at work. I have a VPN software/agent on my computer at home and connect to the work network via IPsec with PSK. Once the tunnel is established I can then do a simple Remote Desktop session to my work computer from my home machine.

Is this something dangerous, and if so, what can I do to make it more secure?!
 
The latest versions of RDP (Windows Vista or better), if configured for that level of security, are actually relatively safe over the open internet.

A VPN adds another layer of security and encryption there so you're in good shape.
 
As far as risk, it's debatable. As Volcanon said, the RDP protocol itself is pretty secure (or can be configured as such), and running across a VPN just helps with that.

The problem is your local system. By default, RDP shares up your drives and printers to the remote system. Further, RDP/VPNs won't save you from a keylogger, so unless you are doing two-factor auth, an attacker could have your login moments after you make a connection.

Just make sure your local system is clean and you should be good.
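
The point in the post above about drives and printers being shared with the remote system can be checked in a saved Remote Desktop Connection (.rdp) file. The following is an added example, not part of the thread: it parses the file's `name:type:value` lines and reports redirection settings that are not pinned off. It goes slightly beyond the post by also checking clipboard and COM port redirection; the host name and sample files are constructed.

```python
# Added example: audit .rdp file text for local-resource redirection.
# .rdp files are often saved as UTF-16; decode before passing the text in.

# Setting name -> value that turns the redirection off.
HARDENED = {
    "drivestoredirect": "",   # empty string: no local drives exposed
    "redirectprinters": "0",
    "redirectclipboard": "0",
    "redirectcomports": "0",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}; values may contain ':'."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def audit_rdp(text):
    """Return {setting: finding} for each redirection setting not pinned off."""
    settings = parse_rdp(text)
    findings = {}
    for name, safe in HARDENED.items():
        if name not in settings:
            # Absent keys fall back to whatever the client defaults to.
            findings[name] = "not set (client default applies)"
        elif settings[name] != safe:
            findings[name] = "enabled: %r" % settings[name]
    return findings

# Constructed sample files, not taken from any real system.
SAMPLE_WEAK = """full address:s:workpc.example.internal
drivestoredirect:s:*
redirectprinters:i:1
redirectclipboard:i:1
"""
SAMPLE_HARDENED = """full address:s:workpc.example.internal
drivestoredirect:s:
redirectprinters:i:0
redirectclipboard:i:0
redirectcomports:i:0
"""

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_rdp(sample) or "no redirection enabled")
```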
 
RDP over VPN is a lot safer than opening up actual CIFS/SMB file sharing and direct database access, etc. to VPN users. You can't control end users' home workstations without investing in some sort of NAC, which is expensive, so RDP is a good way to allow access at a low risk level. Users remote into a machine that you as an IT person have tight control over. (Well, at least we do anyway.)

We do the same VPN/RDP combo and we are subject to FERPA compliance. It seems to not raise any red flags with our auditors, and we are in a constant state of audit.
 
Thank you sirs. I was thinking it should be ok, but sometimes the interweb horror stories you hear make you stop and think. I also only enable the tunnel as needed, and disable it whenever I am not actually using it. Since I am effectively the IT person for my company I am confident in both my home machine and work machine being clean. I will not worry overmuch about it then.
 