Securing External RDP

Last week, I was looking into a way of securing an RDP connection that was connected to the Internet.

Normally, I would not allow RDP directly to the Internet, for pretty obvious reasons, but I wanted to be able to connect to one of my PCs using a standard protocol, from an external location without having to install a software on the other devices, e.g. TeamViewer etc.

So, as I didn’t have much time to plan, I just searched online for RDP 2FA, and a well recommended item on SpiceWorks and a few other forums, was DUO Security. Setting up DUO was stupidly easy, from account to sign up, to testing login externally using 2FA only took less than 10 minutes, and that included some internal testing first and configuration.

So, as I’ve now got a way to enable external access to my 24/7 “server”. I’ve set it up with 2FA on all RDP connections with the exception of from the IP address of my main PC, as I connect to that a lot.

I am now tempted to install DUO on other devices, e.g. my MacBook, as even though it’s encrypted and has a firmware password, I do use a not so great password on it (no not that bad), as I have to type it a lot. Only issue with this, is that the DUO application for MacOS, only supports initial logins and not wake up from sleep, which is how I log into my laptop most of the time, due to how long the battery lasts while in deep sleep. So, to get that working properly, I either need to find a way for it to work after X minutes since last unlock/after X login attempts or change how I use it. Though, as I’ve just upgraded the SSD to an 860 Evo, I might go with the latter, we’ll see.