I have a windows server at work which has sensitive data stored on it. I have a laptop at home (with Windows 10 pro installed on it) which has good anti-virus and firewall software installed on the laptop. I want to use my laptop at home to logon and control the remote server at work. I want to do this as securely as possible. I require some advice on comparing the security risks of 2 different remote access methods. The first method is to use the built-in “windows remote desktop” feature through a VPN tunnel. The second method is to use remote desktop third-party software named “SplashTop”. Should I be using the first or second method to do remote access as securely as possible? Any comments, advice or guidance would be really appreciated. Thanks in advance.
Is this a physical server or VM? If it’s something like an Azure VM then Bastion > RDP > something like SplashTop (imo).
If you have the ability to use RDP via VPN only (so firewall rules on the server to only allow 3389 from the whitelisted IP that the VPN uses), and the VPN requires MFA, and the RDP access control is setup properly to only accept requests from authorized users…there’s just less need to have to manage an additional third-party app.
Others with more knowledge could chime in if there’s better reasons to use SplashTop, but my stance is always simplify and harden as much as possible. If it’s an Azure VM, then Bastion gets rid of the need for RDP all together and just uses 443.
Here are some considerations for you:
-
PRIVACY: RDP is session-based and Splashtop is console based. This means that, by default, when you connect over RDP, nobody viewing the console of the Windows server at your office (physical or virtual) can see what you are doing. If using Splashtop, anyone viewing the console of the Windows server at your office (virtual or physical), can see what you are doing unless you enable the screen-blanking for feature of Splashtop.
-
PERFORMANCE / LAG: All things being equal from a bandwidth standpoint, console based software like Splashtop can sometimes be laggy, compared with RDP. Please test this to determine what you are comfortable with.
-
SECURITY: Both can be secure. Splashtop goes through a protected private tunnel that is only exposed to the Splashtop client software; whereas, your VPN is exposed to your entire Windows 10 Pro at home. This means that there is a risk that a malware affecting your Windows 10 Pro computer at home can “potentially” traverse the VPN tunnel to reach your network. To prevent scenarios like this if you prefer RDP, consider secure RDP solutions without VPN, such as TruGrid SecureRDP
As long as the VPN is very solid (maintained with updates, ideally open-source) and properly configured that one is the better option.
I recommend RDP a PC in the company network and connect to the server from there