I heard from more than one IT manager that they do not allow RDP users to connect to their internal network from outside, because it is not secure. They argue that if they allow their users to do this, then someone from outside will have access to their network.
I do not understand. To use RDP, you need a username and password, and you cannot log in without it. The same goes for using Gmail, online banking and any other web service.
So what do they use instead? LogMeIn. Or a VPN connection, and then use the internal RDP. VPN also requires a username and password.
If they are afraid of brute force attacks, then someone might attack the VPN server or LogMeIn with the same thing. And if these other technologies have locks (after x the number of unsuccessful attempts), why can't you configure for RDP?
Likewise, people always say that a VPN is very secure because it uses a βtunnelβ. I do not quite understand what this means, but no matter why the username and password cannot be hacked in the same way as any website or web service that uses the username and password can be.
rdp vpn logmein
as9876
source share