ITProJeff
Newcomer II

Cybersecurity Insurance denied due to RDS Gateway

I recently had a client get denied Cybersecurity Insurance due to their RDS Gateway being exposed to the internet (this is RDS Gateway on port 443/3391, not Remote Desktop port 3389). Their claim was that "Current threat actor activity on the internet is focusing on targeting this technology to deploy ransomware and other malware." We had GeoIP filtering restricting access to USA only, MFA, and brute-force detection/IP blocking software installed. Their only solution was to put it behind a VPN or disable it altogether. We're currently pressing them to find out if that's also required for Citrix NetScaler or VMware Horizon since they're exposed to the internet as well and can have (and have had) vulnerabilities.

I have not heard of any "threat actor activity" actively exploiting RDS Gateway and am wondering if the new standard is not exposing it to the internet and I missed that? Is everyone else putting it behind a VPN and praying for no or low vulnerabilities on that?

10 Replies
KPA
Viewer

I agree - VPN is being phased out by many organizations. Attacks do come from remote users over the IPsec tunnel - I have seen that happen to companies we have assisted.

Anyhow, SASE is good for securing RDP. Azure App Proxy and TruGrid SecureRDP are two good products for securing RD Gateway.

Peter