IS Decisions Blog

Remote work: How to secure VPN & RDP sessions?

Remote work creates big cybersecurity problems that put sensitive corporate data at risk. Learn how to secure two of the most vulnerable areas: user access via RDP and VPN sessions.

Published March 18, 2020
With COVID-19 (coronavirus) cases increasing by the day, organizations in affected countries around the world are asking employees to work remotely. However, offering this option without proper supervision and preparation raises security concerns.

The Microsoft Remote Desktop Protocol (RDP) is used to connect to a computer's desktop remotely. Easy to use and widely implemented, Remote Desktop even comes built into most versions of Microsoft Windows. It's a powerful and convenient business tool for remote working, but it does need further securing.

Access can first be restricted by ensuring Remote Desktop is used behind a secure virtual private network (VPN). Then two-factor authentication (2FA) that is compatible with RDP and VPN should be implemented to augment traditional password authentication.

What are the risks of working remotely?

IT professionals understand that remote working is extremely beneficial, but they also know that remote workers create risks.

Research shows that 92% of IT professionals believe the benefits of remote work outweigh the risks.

But their approval of remote work as a whole comes with some concerns. 90% of respondents think that remote workers pose a general security risk, and 54% think they pose a higher security risk than employees on site.

Whether we’re talking about insecure networks, the risk of spying or hacking, or even exploited employees, the risks of remote working ultimately concern how IT can securely extend access to the corporate network and the sensitive data inside.

How to secure your remote employees?

Raising employee awareness around the challenges and risks of IT security is essential. However, this is not enough. There are steps to be taken in addition to awareness.

1. Use a VPN

Using a VPN opens a secure tunnel between the remote desktop and your corporate network.

2. Secure access to VPN connections

For users to be able to work safely outside the office, IT administrators must be able to limit VPN access to certain authorized enterprise laptops. Any attempt to access from another machine must then be denied.

3. Two-factor authentication for VPN sessions

VPNs are meant to give users access to your most sensitive resources, so hardening them with 2FA is a crucial step toward preventing hackers from gaining access to your corporate network.

4. Monitor and manage all RDP sessions

Setting up a monitoring solution for RDP connections is a great way to detect abnormal access. Real-time alerts and an automated response allow you to act before any damage is caused.

5. Two-factor authentication for RDP sessions

2FA helps secure user access to the Windows environment. For remote connections the need is even greater. End users who connect remotely or virtually to a computer on the network should be challenged with 2FA to verify their identity.
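
To make steps 2 and 4 concrete, here is an added example (not from the original article and not UserLock's own code) that reviews RDP logon records and flags abnormal access. The VPN address pool, the per-user device table, the working hours and the sample events are all constructed assumptions; the field names follow Windows Security event 4624, where logon type 10 is a Remote Desktop logon.

```python
import ipaddress
from datetime import datetime

# Assumptions for this example (not from the article): adjust to your environment.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")        # addresses handed out by the VPN
AUTHORIZED_DEVICE = {"alice": "LT-ALICE", "bob": "LT-BOB"}  # one enterprise laptop per user
WORK_HOURS = range(7, 20)                             # 07:00-19:59 local time

# Constructed sample records; assumes WorkstationName carries the client device name.
SAMPLE_EVENTS = [
    {"TimeCreated": "2020-03-18T09:12:00", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "alice", "IpAddress": "10.8.0.14", "WorkstationName": "LT-ALICE"},
    {"TimeCreated": "2020-03-18T02:47:00", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "bob", "IpAddress": "203.0.113.50", "WorkstationName": "DESKTOP-X1"},
    {"TimeCreated": "2020-03-18T10:05:00", "EventID": 4624, "LogonType": 3,
     "TargetUserName": "alice", "IpAddress": "198.51.100.7", "WorkstationName": "FILESRV"},
    {"TimeCreated": "2020-03-18T11:30:00", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "bob", "IpAddress": "10.8.0.22", "WorkstationName": "LT-ALICE"},
]

def review_rdp_logon(event):
    """Return reasons an RDP logon looks abnormal, [] if clean, None if not RDP."""
    if event["EventID"] != 4624 or event["LogonType"] != 10:
        return None  # not a successful RemoteInteractive (RDP) logon
    reasons = []
    try:
        # Step 1/2: RDP should only ever be reached through the VPN.
        if ipaddress.ip_address(event["IpAddress"]) not in VPN_POOL:
            reasons.append("source outside VPN pool")
    except ValueError:  # e.g. "-" when no address was recorded
        reasons.append("unparseable source address")
    user = event["TargetUserName"].lower()
    if AUTHORIZED_DEVICE.get(user) != event["WorkstationName"].upper():
        reasons.append("device not authorized for user")
    if datetime.fromisoformat(event["TimeCreated"]).hour not in WORK_HOURS:
        reasons.append("outside working hours")
    return reasons

def find_alerts(events):
    alerts = []
    for ev in events:
        reasons = review_rdp_logon(ev)
        if reasons:  # skips non-RDP events (None) and clean logons ([])
            alerts.append((ev["TargetUserName"], ev["IpAddress"], reasons))
    return alerts

if __name__ == "__main__":
    for user, ip, reasons in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT {user} from {ip}: {', '.join(reasons)}")
```

Each alert lists every rule the logon broke, so a logon that arrives through the VPN but from another user's laptop is still reported.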

A solution to secure your RDP & VPN sessions

With remote and mobile access quickly becoming the rule rather than the exception, UserLock alleviates this increased risk to enterprise security and protects against inappropriate or suspicious access.

Working alongside Active Directory, the solution helps administrators manage and secure access for all users (remote or on-premises), without disturbing employees or upsetting the IT department.

  • Secure VPN connections by allowing a user to connect only from a specific authorized device.

  • Monitor and react to any user session (including RDP and VPN) directly from the UserLock console.

UserLock supports 2FA through authenticator applications that include Google Authenticator, Microsoft Authenticator, and LastPass Authenticator, or programmable hardware tokens and keys such as YubiKey and Token2.

3400+ organizations like yours choose UserLock to secure access for Active Directory identities and meet compliance requirements.