How to Audit Remote Desktop (RD) Gateway Connections
This blog post focuses on RD Gateway auditing. We discuss what Remote Desktop Gateway is, why you should be monitoring it, and the best ways to audit RD Gateway connections.
Let’s start with the definition.
What is RD Gateway?
Remote Desktop Gateway (RDG or RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. It wraps the RDC traffic in an HTTPS tunnel, which creates a secure, encrypted connection.
In layman's terms, RD Gateway is basically a funnel into your corporate environment. However, before clients can use RD Gateway in your environment, they must meet the conditions specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP). RD CAPs specify who can connect to an RD Gateway server and the authentication method that must be used.
Now, because RD Gateway acts as a proxy between the external user and the Remote Desktop infrastructure, system administrators monitor those connections for security reasons.
Management also wants this information to track people's remote logins and to see who is remoting into their desktops through RD Gateway, so they can check who's really working remotely from home and who's just fooling around.
Read the entire article here: How to Audit RD Gateway Connections
Via the fine folks at Acceleratio!