Comment Re:Require a VPN connection (Score 1) 200
Do it right, require a VPN connection before you allow an RDP connection.
Why exactly do you think that increases security? Most VPNs that I've seen use the AD domain password which means once the attacker gains access to the VPN, they can access all the network shares, terminal servers whatnot. You are equally f'ed in both cases. Also, the current RDP implementation uses TLS which is stronger than e.g. PPTP's RC4, still a widely used because it's so easy to set up.
I see this stupidity all the time: you are required to connect to a PPTP VPN, with access to the company LAN to boot, before you get to ssh to a linux box in the DMZ or wherever. Admins also often refuse to open the ssh ports based on some false belief about how it all works. They don't understand the differences between cryptographic algorithms, they don't really understand why firewalls are used and are good for, and they only have a superficial understanding of TCP/IP and the layers on top of it. They just blindly follow some "best practices" that someone somewhere put into a ppt, and cite meaningless shit like the OSI model, never actually taking the time to really understand.