A small business owner wants to allow a remote employee to access their office desktop from home, but is concerned about security. They currently have a standard router with a public IP. Which of the following is the most secure method to enable this access?
Trap 1: Enable port forwarding on the router for TCP 3389 to the desktop's…
Port forwarding directly exposes RDP to the internet, making it vulnerable to automated attacks and malware.
Trap 2: Use a third-party remote desktop service like TeamViewer without…
While convenient, third-party services may have their own security risks and often require internet access through their servers, which can be less controlled than a self-hosted VPN.
Trap 3: Change the RDP port to a non-standard port number and enable port…
Changing the port only reduces automated scans but does not prevent targeted attacks; it is not a security measure.
- A
Enable port forwarding on the router for TCP 3389 to the desktop's IP address.
Why wrong: Port forwarding directly exposes RDP to the internet, making it vulnerable to automated attacks and malware.
- B
Configure a VPN server on the office network and have the employee connect via VPN before using RDP.
A VPN encrypts all traffic and requires authentication, adding a layer of security before RDP access is permitted.
- C
Use a third-party remote desktop service like TeamViewer without additional configuration.
Why wrong: While convenient, third-party services may have their own security risks and often require internet access through their servers, which can be less controlled than a self-hosted VPN.
- D
Change the RDP port to a non-standard port number and enable port forwarding.
Why wrong: Changing the port only reduces automated scans but does not prevent targeted attacks; it is not a security measure.