Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?
Posted by jamesfm on Server Fault
Published on 2011-11-22T16:43:31Z
I am a dev with little admin expertise, administering a single dedicated web server remotely.
A recent independent security audit of our site recommended that "RDP is not exposed to the Internet and that a robust management solution such as a VPN is considered for remote access. When used, RDP should be configured for Server Authentication to ensure that clients cannot be subjected to man-in-the-middle attacks."
Having read around a bit, it seems like Network Level Authentication is a Good Thing so I have enabled the "Allow connections only from Remote Desktop with NLA" option on the server today.
Is this action enough to mitigate the risk of a Man-in-the-Middle attack? Or are there other essential steps I should be taking? If VPN is essential, how do I go about it?
© Server Fault or respective owner