One of the killer features of Small Business Server 2003 is the Remote Web Workplace – RWW for short. Within it you can access many internal resources using nothing more than a simple web browser. One of the key features that most people use is the “Connect to my computer” feature – in fact, many people call THIS single feature RWW, which only serves to confuse issues at times. For the purposes of this FAQ, we’ll call it RDP/RWW.
Many people have asked whether RDP/RWW is more secure than a VPN with RDP. My response is a big YES.
RDP/RWW is more secure than a VPN/RDP combination for many reasons. I’ve tried to highlight a few below.
1. No VPN required – means there is no chance of data coming back up the VPN from the remote computer (a computer you don’t control) and then into your SBS network.
2. No configuration required on the remote computer – means that nothing of value is left behind – a VPN or SSH connection will leave something on the PC that others may use to gain access to your office LAN.
3. SBS2003 does a few additional things too before it opens up port 4125 (the default for RDP over RWW). You will need to have entered the RWW portal by entering your user credentials and password AND you’ll need to be a member of the Remote Web Workplace users group. Once you’ve passed these few tests, port 4125 opens.
4. When connecting via RWW to a computer in your office, the SBS server does a check of two additional things before connecting you to your desktop PC in the office. It checks your source IP address before allowing you in via the RDP connection. If the source IP address for the RDP connection is not the same as the source IP address for the RWW/SSL connection you’ve used to authenticate thus far, then it drops the connection – more secure than a simple VPN connection.
So you can see that even simply using RDP over the RWW interface is more secure than a VPN + RDP combination.
I’ve documented this even more in the chapter I wrote for the Advanced Windows Small Business Server 2003 Best Practices, available from www.smbnation.com. Check out Chapter 8 if you want more technical info.
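The checks in points 3 and 4 can be modelled as a small gate. This is an added example, not SBS code: the class, method names, sample users and addresses are constructed, and only port 4125, the group requirement and the source-IP match come from the text above.

```python
import hashlib
import hmac
import ipaddress

RWW_GROUP = "Remote Web Workplace Users"   # group requirement from the text
RWW_RDP_PORT = 4125                        # default port from the text

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample directory: user -> (salt, password digest, groups)
DIRECTORY = {
    "alice": (b"s1", _digest("constructed-pw-1", b"s1"), {RWW_GROUP}),
    "bob": (b"s2", _digest("constructed-pw-2", b"s2"), {"Domain Users"}),
}

class RwwGateway:
    """Hypothetical model of the portal and the port 4125 gate."""

    def __init__(self, directory):
        self.directory = directory
        self.sessions = {}  # source IP -> user, recorded at portal login

    def portal_login(self, user, password, source_ip):
        """Point 3: valid credentials AND membership of the RWW group."""
        ip = ipaddress.ip_address(source_ip)
        entry = self.directory.get(user)
        if entry is None:
            return False
        salt, digest, groups = entry
        if not hmac.compare_digest(_digest(password, salt), digest):
            return False
        if RWW_GROUP not in groups:
            return False
        self.sessions[ip] = user
        return True

    def port_open(self):
        """The port is only reachable while an authenticated session exists."""
        return bool(self.sessions)

    def accept_rdp(self, source_ip, dest_port=RWW_RDP_PORT):
        """Point 4: RDP source IP must equal the portal session's source IP."""
        ip = ipaddress.ip_address(source_ip)
        if dest_port != RWW_RDP_PORT or not self.port_open():
            return False
        return ip in self.sessions

    def logout(self, source_ip):
        self.sessions.pop(ipaddress.ip_address(source_ip), None)
```
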