I have been looking into how to secure a publicly-available RDP endpoint and want to implement our two-factor authentication RADIUS server, PhoneFactor. I would like to implement the following process:
- User opens up web app in browser
- In web app, user enters username + password, initiates RADIUS auth
- Phone factor calls user to complete auth
- Once user is authenticated, port 3389 is opened on user's IP on
- After some amount of time, firewall rule is removed for that IP
I would like to know the following:
- Is this a typical setup? If it is a bad idea, please explain why.
- If it is possible, are there any packages that assist with this? Specifically, the third step, where the appropriate firewall rule would need to be added...
Edit: I am aware of TS Web Gateway, but I want the users to be able to use the traditional RDP client...
© Server Fault or respective owner