Securing RDP to satisfy Cyber Essentials

%3CLINGO-SUB%20id%3D%22lingo-sub-1624713%22%20slang%3D%22en-US%22%3ESecuring%20RDP%20to%20satisfy%20Cyber%20Essentials%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1624713%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20company%20require%20to%20be%20certified%20under%20the%20UK%20Cyber%20Essentials%20Scheme.%20We%20have%20used%20RDP%20via%20Remote%20Gateway%2FWeb%20published%20via%20a%20web%20application%20proxy%20to%20provide%20remote%20access%20to%20internal%20PC's%20for%20years.%20My%20understanding%20was%20that%20because%20only%20GUI%20and%20key%20strokes%20traverse%20the%20link%20that%20this%20is%20more%20secure%20than%20a%20traditional%20VPN.%20Specifically%20any%20malware%20on%20the%20client%20PC%20would%20be%20unlikely%20to%20infect%20the%20network.%3C%2FP%3E%3CP%3EHowever%20the%20CE%20assessor%20disagrees%20saying%20RDP%20is%20inherently%20insecure%20and%20insist%20that%20we%20use%20a%20VPN%20that%20connects%20to%20the%20network%20when%20the%20remote%20PC%20is%20switched%20on%20and%20disables%20local%20network%20access.%20I%20cant%20see%20how%20this%20could%20be%20more%20secure.%3C%2FP%3E%3CP%3EHAs%20anyone%20else%20resolved%20a%20similar%20problem%2C%20if%20so%20how%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1624713%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Visitor

My company require to be certified under the UK Cyber Essentials Scheme. We have used RDP via Remote Gateway/Web published via a web application proxy to provide remote access to internal PC's for years. My understanding was that because only GUI and key strokes traverse the link that this is more secure than a traditional VPN. Specifically any malware on the client PC would be unlikely to infect the network.

However the CE assessor disagrees saying RDP is inherently insecure and insist that we use a VPN that connects to the network when the remote PC is switched on and disables local network access. I cant see how this could be more secure.

HAs anyone else resolved a similar problem, if so how

0 Replies