So, your IT provider reached out and said that it is time to stop using Remote Desktop and start using Remote Desktop Gateway. They tell you it is because of security and that Remote Desktop keeps getting hacked. Or maybe you are asking about remote work and they recommend just an RD Gateway.
RD Gateway is just security by obscurity!
Let's start by explaining the difference between the two.
There is none; they are different technologies that build on each other. Remote Desktop allows you to connect to a remote computer or server over the internet; you’ll need to know the user name, password, and external IP.
Remote Desktop Gateway is just a gateway: one central point of access to the rest of the computers on the network. You need to know one additional piece of info, which is the local computer name you want to connect to.
So Remote Desktop Gateway uses the same protocols and the same encryption (SSL), and adds only central logging and a central connection point, so you're only opening one port on your firewall.
Okay, so it is slightly more secure due to only one port. What do you mean by “Security by Obscurity”?
When a hacker attempts to brute force Remote Desktop, they scan the internet's IP addresses for open RDP ports. Once they know that you have an open RDP port, they will try connecting over and over again with a dictionary of compromised passwords.
With RD Gateway, hackers haven’t updated their tools quite yet to do this, but it is simple enough. They would scan for an open SSL port, put that IP in the gateway field and test. If they get back a bad user/password error code, they know it is an RD Gateway server and they could start hammering it. If they get back something else, they know it's probably just a regular website and skip it.
That is why there aren’t as many RD Gateway attacks and most people think it is safe. But remember, people used to think Remote Desktop was safe!
What would you recommend for Security?
I would still recommend RD Gateway, but I would use my router to limit the open port by connecting IP address. If I am going to have too many connections for that to be easily manageable, then I would use a VPN with an RD Gateway.
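As an added example (not from the original post): a short Python script that checks a gateway's connection log against the same source-IP allowlist you put on the router and flags any address with repeated failed logons. The log format, the allowlist ranges and the threshold are assumptions made up for the illustration, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumed allowlist: the same source ranges permitted on the router
# (documentation address ranges, not real offices).
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/28", "198.51.100.25/32")]
FAILURE_THRESHOLD = 5  # assumed: failed logons from one source before flagging

# Constructed sample in an assumed export format: timestamp,source_ip,user,result
SAMPLE_LOG = "\n".join(
    ["2024-05-01T08:00:01,203.0.113.5,alice,success",
     "2024-05-01T08:02:10,203.0.113.5,alice,failure",
     "2024-05-01T09:00:00,not-an-ip,bob,failure"]
    + [f"2024-05-01T03:00:{s:02d},192.0.2.77,administrator,failure"
       for s in range(6)]
    + ["2024-05-01T10:00:00,198.51.100.25,carol,success"])

def is_allowed(ip_text):
    """True if the address falls inside one of the allowlisted networks."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on a bad address
    return any(ip in net for net in ALLOWED_SOURCES)

def audit(log_text, threshold=FAILURE_THRESHOLD):
    """Report sources outside the allowlist and sources with repeated failures."""
    outside, failures, malformed = set(), Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            malformed.append(lineno)
            continue
        _, src, _user, result = parts
        try:
            allowed = is_allowed(src)
        except ValueError:
            malformed.append(lineno)  # keep the line number for manual review
            continue
        if not allowed:
            outside.add(src)  # reached the gateway despite the router rule
        if result.lower() == "failure":
            failures[src] += 1
    brute = {ip: n for ip, n in failures.items() if n >= threshold}
    return {"outside_allowlist": sorted(outside),
            "brute_force": brute,
            "malformed": malformed}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any address in the first list means the router rule is not doing what you think it is; any address in the second deserves a look even if it is on the allowlist.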
Give us a call if you need help with any of this technology stuff!