Best way to secure RDP connections WITHOUT VPN

Tags: firewall, remote desktop, security, vpn

We are needing to use RDP for a client, but the VPN and internet connection are just too flaky to use VPN anymore. VPN is NOT an option anymore for us.

Currently the plan is to open a bunch of ports (not 3389) on the firewall, and direct them to the 3389 ports internally. The issue with security arises when all that is stopping access is a single RDP connection with the correct password.

We could set up rules on the firewall to prevent access to only certain IP addresses, but this becomes an issue with dynamic IPs.

What would be the next best option to secure VPN?

Best Answer

Use RDP certificate authentication.

@Scott Chamberlain described this at https://superuser.com/a/750943/440206:

Yes, but you will need to install and configure your Remote Desktop Session host to use a Remote Desktop Gateway to do it.

Once you are using a Remote Desktop Gateway, you can set up Remote Desktop Connection Authorization Policies (RD CAPs) and Desktop Resource Authorization Policies (RD RAPs). In those you can set things up like requiring that a connecting machine has a client certificate (per machine or per user).
