Security of RDP directly with administrative account VS RDP with normal account and elevation with administrative account

I’ve had some arguments with people about securing RDP access to servers:

Team 1 (including me) suggests that direct RDP access should only be possible with an (separate) administrative account.
Team A suggests that one should do RDP logi… Continue reading Security of RDP directly with administrative account VS RDP with normal account and elevation with administrative account

Posted in RDP

Which is more secure to access a VMware Windows VM : VMware Remote console or RDP+Remote Desktop Gateway

Without knowing more details, I can’t suggest to our security guy that we should use RDP along with a Remote Desktop Gateway.
One person says to that VMware Remote Console is more secure than using RDP with an X.509 certificate but another… Continue reading Which is more secure to access a VMware Windows VM : VMware Remote console or RDP+Remote Desktop Gateway

This Week in Security: Session Puzzling, Session Keys, and Speculation

Last week we briefly mentioned a vulnerability in the Papercut software, and more details and a proof of concept have been published. The vulnerability is one known as session puzzling. …read more Continue reading This Week in Security: Session Puzzling, Session Keys, and Speculation

Does enabling rdp induces a security risk coming from the internet if no port forwarding/nat is configured?

The question is mainly about the default windows implementation of rdp, but could also apply to xrdp. Enabling rdp is an option in the windows settings (remote desktop).
I would like to use rdp in a secured local network, to connect comput… Continue reading Does enabling rdp induces a security risk coming from the internet if no port forwarding/nat is configured?