Securing RDP to satisfy Cyber Essentials

fsimon · ‎Sep 01 2020

My company require to be certified under the UK Cyber Essentials Scheme. We have used RDP via Remote Gateway/Web published via a web application proxy to provide remote access to internal PC's for years. My understanding was that because only GUI and key strokes traverse the link that this is more secure than a traditional VPN. Specifically any malware on the client PC would be unlikely to infect the network.

However the CE assessor disagrees saying RDP is inherently insecure and insist that we use a VPN that connects to the network when the remote PC is switched on and disables local network access. I cant see how this could be more secure.

HAs anyone else resolved a similar problem, if so how

PvLucasz · ‎Dec 14 2020

@fsimonDid you get a response from anyone surrounding this question or manage to solve this for your organisation. We are at a similar stumbling block for CE.

Thanks,

fsimon · ‎Dec 14 2020

@PvLucasz Sadly no response. It may be that the RDP web portal is inherently insecure after all.

Securing RDP to satisfy Cyber Essentials

Securing RDP to satisfy Cyber Essentials

Re: Securing RDP to satisfy Cyber Essentials

Re: Securing RDP to satisfy Cyber Essentials

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Securing RDP to satisfy Cyber Essentials

Securing RDP to satisfy Cyber Essentials

Re: Securing RDP to satisfy Cyber Essentials

Re: Securing RDP to satisfy Cyber Essentials