remote desktop two factor authentication

[Midsmartin]

RDP (Windows Remote Desktop) is not terribly secure, and it's a bad idea to expose it directly to the internet.

But you can add 2 factor authentication using duo.com, and it's free for 10 users.
Now, if you try to connect to remote desktop, you can only connect if you additionally confirm it on your phone.

What I'm struggling to answer is how secure this really is. It would seem bullet-proof, unless there's a possibility of an RDP bug/exploit that allowed the second authentication to be bypassed.

Googling fails to answer the question for me!

Perhaps spending money on a router that has a VPN server is the best answer.

But can I be confident that a VPN would be less vulnerable to attack than RDP+ Duo? Presumably a VPN could also contain vulnerabilities.

[servodude]

Anything can contain vulnerabilities

Your 2FA solution should stop anyone accessing your RDP server without your phone
The VPN could be used to encrypt your traffic and you could limit RDP access to the same network (having both ends in the VPN)

That's about as bullet proof you can get while still being able to access things remotely (assuming no alternative RDP stuff is installed to go round behind it - which is more likely than the intended 2FA being hacked)

[Infrasonic]

I'd definitely have a decent router in place...https://routersecurity.org/RouterNews.php

https://routersecurity.org/testrouter.php

https://www.wireguard.com/

[Urbandreamer]

RDP (Windows Remote Desktop) is not terribly secure, and it's a bad idea to expose it directly to the internet.

But you can add 2 factor authentication using duo.com, and it's free for 10 users.
Now, if you try to connect to remote desktop, you can only connect if you additionally confirm it on your phone.

What I'm struggling to answer is how secure this really is. It would seem bullet-proof, unless there's a possibility of an RDP bug/exploit that allowed the second authentication to be bypassed.

Googling fails to answer the question for me!

It really depends upon what you "mean" by "secure".

Basically you are trusting a 3'ed party with your security/privacy. I'm not arguing that there is anything "wrong" with this, but it is what is suggested.

There are of course other alternatives.
One is to use ssh with strong key control.

Ok, unpacking, ssh is an encrypted protocol (with possibly strong key's) intended to provide a command line (Secure SHell) interface to a remote machine.
When a connection is asked the machine address and/or a cryptography key is checked.

However it can be used as a tunnel to wrap other things.

Here is a google search
https://www.google.com/search?client=fi ... dp+via+ssh
Here is the link I picked from that search.
https://blog.netnerds.net/2017/12/updat ... e-desktop/

What's your use case? Home, school, company etc.

[xeny]

I've used an RDP over SSH arrangement for a couple of years now and it works beautifully.