My company uses RemoteApp to provide a “cloud edition” of our desktop software.
The RDP port has been changed from default, and we run RDP Shield, which blocks the IP address after 5 failed login attempts.
Each customer has their own Windows user account on the server they are hosted on (Windows Server 2016). Security software whitelists the programs that can run from their account etc.
I can see that Brute force attacks would be far more difficult due to lockouts, as they would require an endless supply of IP addresses.
But are there other login vulnerabilities that are present, that wouldn’t be present if we used an RD Gateway to log in?
I see RD Gateway always recommended, but can’t see a clear advantage over firewall based blocking using RD Shield.
Is TLS inherently more secure than RDP’s encryption?
Does an IP lockout policy prevent most public RDP attacks?