Call now for cybersecurity help: 888-646-1616
Holly Sagstetter

VPN and RDP: Securely Work from Home

April 27, 2020

We are now living in a world where most people work from home. Due to COVID-19, experts are saying that if you can stay home, you should stay home. Employers are scrambling to make sure employees have the tools they need AND that they are keeping data safe.  By offering remote access, you're doing the riskiest thing a company can do from a cybersecurity perspective. You're giving people a way to bypass all security and get to your equipment and files. Remote access is what led to the Target breach, which exposed the personal information of about 70 million customers. Each remote connection creates a new access point for cybercriminals to exploit. So you want to do this the right way.

VPN and RDP services are somewhat similar and people are sometimes confused on what these services actually do. Both can give you remote access to a server or a computer, but there are key differences between the two. Let’s take a closer look at VPN and RDP.

working at desk with laptop

RDP: Remote Desktop Protocol

RDP (Remote Desktop Protocol) gives you the ability to control a computer’s desktop on one system while displayed on another. You can use your laptop at home but control your desktop at the office. RDP allows you to use special software that is on the host machine. Unfortunately, some people (especially with slower Internet connections) can find RDP connection slow. Everything you’re doing on your device is being done on your host machine.

So RDP definitely would give employees the tools they need to work from home. They’re accessing their work computer from their home device.

Is RDP secure?

In a perfect world, RDP is pretty secure. Microsoft had some security issues in the past, but they've been patched with the latest versions of Windows.

The problem is that most people aren't working "in a perfect world." Most companies struggle to put all the following in place:

  • Strong passwords
  • Two-factor authentication (2FA)
  • Clipboard disabled
  • Local AND remote computers patched and verified that there are no RDP vulnerabilities (remember the Windows BlueKeep attack last year?)
  • Network level authentication
  • Ideally, only have Standard user access (not Admin)
  • Encryption set to High
  • Some port other than 3389 (though this doesn't help much)
  • Someone actually looking at the logs to find suspicious activity

And even if you do these things, the big flaw with RDP is that you always have an open port (even if it's not 3389) telling the Internet "hey hackers, here I am with an RDP service listening, come target me." That makes you higher risk, no matter what.

VPN: Virtual Private Network

So how is VPN different from RDP? VPN (Virtual Private Network) allows you to connect to a VPN server, which in turn lets you connect to your company network. By itself, it doesn’t give you access to your host computer from another location (like RDP), but instead connects you to your office. This encrypts your internet traffic and can be very secure.  It won’t let you access specific functionality of your host computer (like using a certain software that you don’t have on your home computer). So depending on your company, using a VPN may not give your employees access to the tools they need to do work remotely.

However, many companies use both tools in combination. They’ll have people first connect with VPN, and then use RDP to control their work computer.

Is VPN secure?

If VPN is properly configured, yes, VPN is very secure. But, of course, it needs to be set up the correct way:

  • Two-factor authentication (2FA)
  • Strong passwords
  • Scanning for accidentally opened ports
  • Someone looking at logs to find suspicious activity
  • Don't allow split tunneling

Which is better: VPN or RDP?

So although RDP can be pretty secure, we generally don’t recommend people use RDP by itself. You’d be relying too much on 2FA, announcing to anyone with a port scanner that you exist and praying there aren’t any new RDP vulnerabilities.  If you want to use RDP, it’s penny-wise and pound-foolish not to add VPN as an added layer of security. If VPN is set up the right way, you'll still appear invisible to port scanners. It also separates the access from the control -- depending on how you set it up. VPN's also tend to have stronger controls against password spraying attacks and brute force / DOS attacks. And even if you're not doing a great job of patching local and remote computer vulnerabilities, it's more likely that you're going to keep your firewall patched to address any VPN vulnerabilities. Instead of looking at using VPN or RDP, a combination of the two is usually the best option. It provides security, privacy and encryption, but still allows employees to access their host computer. sec cybersecurity guidance - Businessman with tablet

Want help with your cybersecurity?

Get some free help!  Talk to an Adelia Risk cybersecurity consultant.

Talk to us!

Have questions or feedback?  Please share them in the comments below.

Like this article?  Share it!

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright 2020 Adelia Associates, LLC | All Rights Reserved | Sitemap