We are always excited to announce AccessEnforcer releases, but today we are especially excited to announce the release of AccessEnforcer v5.0! In this milestone release we are introducing two great features, Gatekeeper for remote access security and Geo Fence for inbound traffic blocking.
In the current COVID-19 pandemic we have all seen the rise in teleworking and the use of remote access tools. For many of us, that means RDP.
We all know that exposing RDP to the Internet is extremely ill-advised, because it provides direct access to potentially insecure workstations. Cybercriminals are very aware of this too, which is why Kaspersky has recently reported that RDP brute-force attacks have been on the rise since the beginning of March 2020.
Even before the pandemic, RDP vulnerabilities were making the news:
- Microsoft’s August Security Patches Address New RDP Vulnerabilities
- Microsoft Releases Security Update for Remote Desktop Services Vulnerability
- More critical Remote Desktop flaws expose Windows systems to hacking
It’s like RDP Groundhog Day/Month/Year every time!
The safest way to secure your RDP access is to use a VPN, such as CalyptixVPN. Unfortunately, many users find VPN clients to be cumbersome, or run into technical issues and ISP blocks. Consequently, many users resort to a port forwarding rule for their RDP connection, which is patently unsafe.
We have developed a more secure method to implement RDP access that only allows securely authenticated RDP access, achieved with only a few clicks. Allow us to introduce Gatekeeper.
What is Gatekeeper?
Gatekeeper is a new patent-pending feature in AccessEnforcer that requires users to first authenticate with 2FA before granting special pinhole access to RDP. Instead of exposing your RDP port to the Internet or requiring network access with a VPN client, users simply access a secure Gatekeeper URL they bookmark on their browsers.
In the secure Gatekeeper portal, the user is prompted for their Active Directory username, password, and a Gatekeeper 2FA one-time code provided by a mobile authenticator app such as Google Authenticator or Authy. Once fully authenticated, they are given a list of the RDP hosts they have permission to connect to.
After that, they simply click the desired “Connect” button and their configured RDP client will make a connection using a special one-time-use pinhole firewall rule, permitting only their computer to connect to the remote host just once.
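The flow described above can be modeled in a few lines. This is an added illustration, not AccessEnforcer code: the `PinholeGate` class, the `check_password` stand-in for the Active Directory check, the 60-second pinhole lifetime, and the merging of login and the "Connect" click into one call are all assumptions.

```python
import hashlib, hmac, struct

STEP = 30  # TOTP time step in seconds (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 code for one time-step counter (HMAC-SHA1 + dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class PinholeGate:
    """Hypothetical model: full 2FA first, then one single-use firewall pinhole."""

    def __init__(self, users, check_password, ttl=60):
        self.users = users                    # name -> {"secret": bytes, "hosts": set}
        self.check_password = check_password  # stand-in for the Active Directory check
        self.ttl = ttl                        # assumed lifetime of an unused pinhole
        self.last_counter = {}                # name -> last accepted TOTP counter
        self.pinholes = {}                    # (src_ip, dst_host) -> expiry time

    def connect(self, user, password, code, src_ip, dst_host, now):
        """Portal "Connect" click: open a pinhole only after every check passes."""
        entry = self.users.get(user)
        if entry is None or not self.check_password(user, password):
            return False
        current = int(now // STEP)
        # Accept the current or previous step (clock drift), never a reused one.
        matched = [c for c in (current, current - 1)
                   if c > self.last_counter.get(user, -1)
                   and hmac.compare_digest(totp(entry["secret"], c).encode(), code.encode())]
        if not matched or dst_host not in entry["hosts"]:
            return False
        self.last_counter[user] = matched[0]
        self.pinholes[(src_ip, dst_host)] = now + self.ttl
        return True

    def allow(self, src_ip, dst_host, now):
        """Firewall decision for inbound RDP: default deny, pinhole consumed on use."""
        expiry = self.pinholes.pop((src_ip, dst_host), None)
        return expiry is not None and now <= expiry
```

Because `allow` removes the entry it matches, a second connection from the same address, or any connection from a different address, falls through to the default deny.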
You can now allow users to access RDP with peace of mind that you are providing best-in-class access control consistent with the highest standards set by NIST, CIS 20, etc.:
- Secure access with 2FA!
- No RDP exposed to the Internet (port or gateway application)!
- No clunky VPN client to set up, install & maintain!
- No VPN performance hit!
- No stress every time the next inevitable RDP vulnerability is announced!
How does Gatekeeper work?
Enabling Gatekeeper for Users is Simple:
- Set up a link to your Active Directory server.
- Invite users to Gatekeeper via email, the first step of the self-enrollment process.
- Each user completes the simple self-enrollment process (they’re encouraged to bookmark the portal URL).
That’s it in a nutshell! For more information please see links below under “Related Resources” so you don’t have to stop reading now!
To sum up, Gatekeeper is security and convenience in one nice package. Go ahead, have your delicious rich chocolate cake and eat it too!