Reasonable security of RDP VPN access [closed]

An organisation I work with requires that employees be able to connect to machines on their network and log on to them from machines that are not on the network and not joined to the domain. They have these unsecure machines connect through up-to-date OpenVPN. When logging on externally, they use MFA. Recently they've improved security somewhat by limiting VPN connections to only be allowed to access the network using the RDP or SSH protocol, and they're considering white-listing machines that can be RDP-ed/SSH-ed into (instead of allowing RDP/SSH to any machine and just restricting access through AD).

What other security measures should always be considered in a situation like this? White-listing incoming IPs/networks is not an option, since the client machines may be on client or supplier networks. Installing certificates on the client machines is tricky for the same reason. The main concern is the level of access malicious code on the client machine may obtain to the organisation WAN/LANs.