USING RD GATEWAY FOR REMOTE ACCESS? SWITCH TO SPLASHTOP REMOTE ACCESS SOFTWARE
Remote Desktop Gateway (RDG, or RD Gateway) is a tool some companies use in conjunction with Remote Desktop Protocol (RDP) to enable remote access. As many IT professionals know, RD Gateway has various security challenges and usability/deployment issues.
Splashtop offers an alternative solution to RD Gateway that greatly simplifies remote access setup for IT and easy usability for employees/end-users. Splashtop Business Access supports your business continuity plan (BCP), disaster recovery plan (DR), work-from-home initiative (WFH), pandemic policy, telecommuting, and BYOD initiative, enabling employees to stay safe while being productive from anywhere.
RD Gateway vs Splashtop Remote Desktop
|Splashtop Remote Desktop Software||Traditional RD Gateway & RDP|
|Two-Factor Authentication / Multifactor Authentication (2FA/MFA)||Included||MFA support is not free (ie., Duo)|
|Device Authentication||Yes||Not available|
|Infrastructure Updates||Automated||Manual & risky – On January 14, 2020, CERT Coordination Center released Vulnerability Note VU#491944: MICROSOFT WINDOWS REMOTE DESKTOP GATEWAY (RD Gateway) ALLOWS FOR UNAUTHENTICATED REMOTE CODE EXECUTION: https://kb.cert.org/vuls/id/491944/. As RD Gateway are running 24/7, organizations are less likely to keep them updated with the latest security updates and patches.|
|Software Updates||Automated||Manual & risky – Need to worry about different versions of RDP as well as compatibility and security issues|
|Session recording||Yes||Not available|
|Disable / Enable file transfer||Yes||Not available|
|Ease of Use||Click & connect||Painful to setup and use RD Gateway and RDP|
|Performance||High performance 3D CAD / CAM capable, 1080p @ 60fps, 4k @ 30fps||Lagging connections, unable to support 3D CAD / CAM and streaming video. RDP support for MAC is weak|
|Tools/Utilities||File transfer, lock keyboard and mouse, chat, etc||Limited built-in tools with Microsoft native RDP client|
|Scalability / Deployment|
|On-board thousands of users||Quick & easy (both IT deployed and end user self-provision)||Painful – lots of time to set up, install, and configure for each user|
|Limited by gateway hardware||Not applicable; software based||RD Gateway CPU/Memory can overload and need to be upgraded|
|Set up RD Gateway at each office||Not applicable; software based||Requires setting up & managing RD Gateway for each office|
|Always updated||Yes – Splashtop managed updates||No – always troubleshooting issues, and requires manual updates of RDP & RD Gateway|
|Consistent tool across platforms||Yes – consistent remote access experience across Windows, MAC, and Linux||No – RDP is only Windows friendly|
|Cost||Cost effective starting at $5 per user per month (volume license discount available)||Complex & expensive to setup and manage; manual security updates; requires company-issued device; facing constant user support challenges|
|Management||Easy user/group management||Lots of parameters to configure|
|Conclusion||Every user and IT loves Splashtop||Never heard of anyone loving their RDP / RD Gateway setup|
RDP & RD Gateway Vulnerability Risks
On November 5, 2019, The FortiGuard Labs team recommends that customers immediately apply the latest patches from Microsoft for CVE-2019-0708 on any affected machines, and where possible, also disable RDP completely. BLUEKEEP RDP ATTACKS ARE STARTING: https://www.fortinet.com/blog/threat-research/bluekeep-rdp-attacks-starting-patch-now.html.
On September 27, 2018, The Public Service Annoucement (PSA) warned “CYBER ACTORS INCREASINGLY EXPLOIT THE REMOTE DESKTOP PROTOCOL (RDP) TO CONDUCT MALICIOUS ACTIVITY,” outlining issues around outdated RDP versions with flawed encryption mechanism, unrestricted access to the default RDP port (TCP 3389) https://www.ic3.gov/media/2018/180927.aspx
On January 14, 2020, CERT Coordination Center released Vulnerability Note VU#491944 on MICROSOFT WINDOWS REMOTE DESKTOP GATEWAY (RD Gateway) ALLOWS FOR UNAUTHENTICATED REMOTE CODE EXECUTION: https://kb.cert.org/vuls/id/491944/. “Microsoft RD Gateway in Windows Server 2012 and later contain two vulnerabilities that can allow an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges…. the flaws lie in handling of fragmentation. This vulnerability is exploitable by connecting to the RD Gateway service listening on UDP/3391.”
NO MORE RD GATEWAY PROBLEMS. GET THE BETTER REMOTE DESKTOP SOLUTION
Splashtop is designed to give users seamless, secure remote access to their computers from any device, embracing BYOD. With its industry leading remote desktop technology running through a secure SSL (AES-256) tunnel, Splashtop allows users to access their PC and Mac desktops via their Windows, Mac, iOS, Android, or Chromebook devices as if they are sitting in front of their computers or servers. You get all the benefits of RDP / RD Gateway without the issues and complexities mentioned above. Also, it takes only minutes to set up.
Give Splashtop a test drive. No credit card or commitment required to get started.