
Cloudflare for SSH, RDP and Minecraft - jgrahamc
https://blog.cloudflare.com/cloudflare-for-ssh-rdp-and-minecraft/
======
ocdtrekkie
So, on one hand, this seems very useful.

On the other hand: Speaking as a Windows network admin, such a laughably large
number of Windows vulnerabilities start from "someone had port 3389 exposed to
the Internet", I find it a little strange that Cloudflare would support RDP.
Shouldn't RDP be used solely behind a VPN, much like other services Cloudflare
already offers?

In a world where Cloudflare is pushing DoH into people's browsers against the
wishes of lots of orgs because it's best practice, isn't supporting direct RDP
access from the Internet a bit backwards? Shouldn't Cloudflare be, if
anything, blocking RDP access by default as a safety feature?

~~~
jlgaddis
> _I find it a little strange that Cloudflare would support RDP? Shouldn 't
> RDP be used solely behind a VPN, much like other services Cloudflare already
> offers?_

Of course. But...

As we both know, people have running RDP on the standard port, wide open, with
zero firewalling or other access controls since the beginning of time and
continue to do so regardless of "common sense", best practices, or anyone
suggesting that maybe they shouldn't.

At some point, it doesn't take much to decide, "Well, if they're gonna do it
anyways, we might as well try to make a dollar off of it".

