Best Practices Using Remote Desktop Tools

I’m wondering what the best security practices are when using remote desktop applications. What measures would you implement when using tools like AnyDesk and RemotePC? These tools allow anyone with a username and password to access remote computers via the internet. Perhaps these tools should only be open to the LAN so a VPN is required to connect.

To emphasize my point, we are seeing a lot of activity ever since using RemotePC.

The best practice would be a B2B VPN, then Windows Remote Desktop, or VNC viewer (local only).

We recently ran into just this, where someone found the TeamViewer login and password for one of the users and used it to gain access to a computer.

Nothing major happened but it’s not a pretty thing when that happens.

AnyDesk allows the use of 2FA. Not sure about any of the others though.

The blocked entries would just be from the remotepc app. If you’re wanting it to work from outside your network you would need to add the domain to your whitelist.

Of course any remote access is a potential risk. It can be mitigated by things like 2FA as Victor mentioned. Also using strong passwords. TeamViewer seems to get attacked a lot and there are many reports of accounts being compromised.
My personal favourite options are Tailscale with RDP (much simpler than having to configure a traditional VPN) and Chrome Remote Desktop because it’s protected by a Google account which is much harder to compromise.