GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.
We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.
Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.
If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).
I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be setup to only accept from specific IP address. You're right, I first have to login to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho