Sep 01 2020 02:16 AM
My company require to be certified under the UK Cyber Essentials Scheme. We have used RDP via Remote Gateway/Web published via a web application proxy to provide remote access to internal PC's for years. My understanding was that because only GUI and key strokes traverse the link that this is more secure than a traditional VPN. Specifically any malware on the client PC would be unlikely to infect the network.
However the CE assessor disagrees saying RDP is inherently insecure and insist that we use a VPN that connects to the network when the remote PC is switched on and disables local network access. I cant see how this could be more secure.
HAs anyone else resolved a similar problem, if so how
Dec 14 2020 05:22 AM
@fsimonDid you get a response from anyone surrounding this question or manage to solve this for your organisation. We are at a similar stumbling block for CE.
Thanks,
Dec 14 2020 05:29 AM
@PvLucasz Sadly no response. It may be that the RDP web portal is inherently insecure after all.