We need to use RDP for a client, but the VPN and internet connection are just too flaky to use VPN anymore. VPN is NOT an option anymore for us.
Currently the plan is to open a bunch of ports (not 3389) on the firewall, and direct them to the 3389 ports internally. The issue with security arises when all that is stopping access is a single RDP connection with the correct password.
We could set up rules on the firewall to prevent access to only certain IP addresses, but this becomes an issue with dynamic IPs.
What would be the next best option to secure VPN?
Best Answer
Use RDP certificate authentication.
@Scott Chamberlain described this https://superuser.com/a/750943/440206: