
How to Configure Remote Access Servers

Secure remote access lets employees work from anywhere while keeping your network protected. Proper configuration is critical — misconfigured remote access is one of the top attack vectors.

Overview

The three main approaches are VPN (encrypted tunnel to your network), Remote Desktop Gateway (controlled access to specific desktops), and zero-trust solutions (per-application access without network-level connectivity).

Step 1: VPN Server Setup

Provide encrypted network access for remote workers.

1. Choose VPN Solution

  • Built-in router VPN: Many business firewalls include a VPN server — easiest to deploy
  • OpenVPN: Free, open source, battle-tested, large community — runs on pfSense, OPNsense
  • WireGuard: Newer protocol, faster and simpler than OpenVPN, excellent performance
  • Windows Server RRAS: Built-in for Microsoft environments, integrates with Active Directory
  • Cloud VPN: AWS Client VPN, Azure VPN Gateway for cloud-first organisations
  • For most small businesses, pfSense/OPNsense with OpenVPN or WireGuard is the best value

2. Configure VPN Server

  • Use AES-256 encryption with SHA-256 or SHA-384 for maximum security
  • Enable multi-factor authentication for all VPN logins (not optional)
  • Create individual VPN certificates or credentials per user (never share)
  • Limit VPN access to only the network segments each user needs
  • Assign VPN users to a dedicated subnet separate from on-site users
  • Set session timeouts: Disconnect idle sessions after 30 minutes
  • Block split tunnelling — force all traffic through VPN for security
  • Configure concurrent session limits per user account

3. VPN Client Deployment

  • Distribute VPN client software and configuration files to authorised users
  • Use MDM to auto-deploy VPN profiles to managed devices
  • Test VPN connectivity from various ISPs and locations
  • Provide clear setup instructions for each operating system
  • Set up always-on VPN for company-owned devices
  • Create a self-service portal for VPN certificate renewal

Warning: Never expose Remote Desktop Protocol (RDP port 3389) directly to the internet. RDP brute-forcing is one of the top ransomware delivery methods. Always require VPN first.

Step 2: Remote Desktop Access

Allow employees to access their office desktops remotely.

1. Remote Desktop Gateway

  • Windows Server: Install Remote Desktop Gateway (RD Gateway) role
  • RD Gateway acts as a secure proxy — users connect to Gateway, Gateway connects to desktops
  • Configure connection authorisation policies (who can connect)
  • Configure resource authorisation policies (what they can access)
  • Use SSL certificates from a trusted CA for the Gateway
  • Enable Network Level Authentication (NLA) for pre-authentication

2. Security Hardening

  • Change RDP from default port 3389 to a custom port on internal systems
  • Enable account lockout after 5 failed login attempts
  • Restrict RDP access to specific Active Directory security groups
  • Configure Windows Firewall to limit RDP source IP ranges
  • Keep all systems fully patched — RDP vulnerabilities are regularly discovered
  • Enable RDP session recording for sensitive systems if compliance requires it
  • Disable clipboard and drive redirection for high-security environments

3. Third-Party Alternatives

  • AnyDesk Business: Easy deployment, good performance, from 10 pounds/month per user
  • TeamViewer Business: Well-known, feature-rich, per-seat licensing
  • Splashtop: Good value, strong security, popular with MSPs
  • All offer better security defaults than bare RDP
  • Central management consoles for admin oversight
  • Consider these if you lack Windows Server infrastructure

Step 3: Security and Monitoring

Keep remote access secure over time.

1. Access Monitoring

  • Log all remote access sessions: who, when, from where, duration
  • Monitor for logins at unusual times or from unexpected locations
  • Alert on impossible travel: a login from the UK followed by one from another country within hours
  • Review the list of connected VPN users daily during initial rollout
  • Generate monthly remote access reports for management review
  • Monitor for brute force attempts against VPN and RDP endpoints
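
The impossible-travel and brute-force checks from the list above, as an added example that is not part of the original guide. The log format, the 4-hour travel window and the 5-failures-in-10-minutes threshold are assumptions; in practice the country code would come from a GeoIP lookup on the source IP.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, user, source IP, country, result
SAMPLE_LOG = """\
2024-03-04T08:01:12 alice 198.51.100.7 GB success
2024-03-04T09:30:00 bob 203.0.113.9 GB success
2024-03-04T10:15:45 alice 192.0.2.44 BR success
2024-03-04T11:00:01 carol 203.0.113.50 RO fail
2024-03-04T11:00:09 carol 203.0.113.50 RO fail
2024-03-04T11:00:17 carol 203.0.113.50 RO fail
2024-03-04T11:00:25 carol 203.0.113.50 RO fail
2024-03-04T11:00:33 carol 203.0.113.50 RO fail
2024-03-05T09:31:00 bob 203.0.113.77 FR success
"""

def parse(log):
    """Turn log text into time-ordered (time, user, ip, country, result) tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(ts), user, ip, cc, res)
                  for ts, user, ip, cc, res in rows)

def impossible_travel(events, window=timedelta(hours=4)):
    """Flag successful logins by one user from two countries within `window`."""
    last_ok, alerts = {}, []
    for when, user, _ip, country, result in events:
        if result != "success":
            continue
        prev = last_ok.get(user)
        if prev and prev[1] != country and when - prev[0] <= window:
            alerts.append((user, prev[1], country, when - prev[0]))
        last_ok[user] = (when, country)
    return alerts

def brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with `threshold` or more failures inside a sliding `window`."""
    recent, flagged = defaultdict(deque), set()
    for when, _user, ip, _country, result in events:
        if result != "fail":
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(impossible_travel(parse(SAMPLE_LOG)), brute_force(parse(SAMPLE_LOG)))
```

Counting failures per source IP rather than per user also catches one address trying many accounts; tune both windows to your own users' travel patterns and login volume.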

2. Ongoing Maintenance

  • Review remote access accounts quarterly — disable inactive users
  • Rotate VPN certificates annually
  • Update VPN server software when security patches are released
  • Test VPN failover if you have redundant connections
  • Review and update access policies as business needs change
  • Conduct annual security assessment of remote access infrastructure
