Securing RDP to satisfy Cyber Essentials

My company is required to be certified under the UK Cyber Essentials Scheme. We have used RDP via Remote Gateway/Web published via a web application proxy to provide remote access to internal PCs for years. My understanding was that because only GUI and keystrokes traverse the link, this is more secure than a traditional VPN. Specifically, any malware on the client PC would be unlikely to infect the network.

However, the CE assessor disagrees, saying RDP is inherently insecure, and insists that we use a VPN that connects to the network when the remote PC is switched on and disables local network access. I can't see how this could be more secure.

Has anyone else resolved a similar problem? If so, how?

@fsimon Did you get a response from anyone surrounding this question or manage to solve this for your organisation? We are at a similar stumbling block for CE.



@PvLucasz Sadly no response. It may be that the RDP web portal is inherently insecure after all.