Remote Desktop Protocol (RDP) is one of the most convenient ways for users to access internal resources. However, exposing RDP ports (such as TCP 3389) on your firewall is one of the most common causes of ransomware intrusions.
Traditional mitigations, such as Remote Desktop Gateway or VPNs, still leave open inbound paths that attackers can target.
The ThreatLocker Secure Network implements Zero Trust Access (ZTA) by allowing users to securely reach internal Remote Desktop Servers without opening any ports on your firewall and without deploying a VPN.
The ThreatLocker Zero Trust Access solution provides a seamless method for accessing devices when operating outside of the internal network. Users can connect to authorized devices by simply entering the device name exactly as they would when connected to the internal network. ThreatLocker automatically manages the connection process in the background.
Rather than establishing a traditional network tunnel, the platform brokers the connection on behalf of the user. It is important to note that this solution does not function as a VPN and does not rely on conventional network routing.
When a user initiates a connection, the request is intercepted locally. The connection is then rewritten and redirected to localhost, where it is encapsulated before being securely transmitted over port 443 to the internet. From there, the traffic is routed to the platform’s data centers, where the connection is securely brokered to the destination device.
Because the connection is brokered through ThreatLocker rather than routed directly across a network tunnel, this approach provides improved performance and reduced latency compared to traditional remote access methods.
Why Traditional Methods Are High Risk
Remote Desktop (3389) Exposed
· Direct RDP exposure is a leading attack vector.
· Bots and attackers continuously scan the internet for hosts with port 3389 open.
Remote Desktop Gateway
· Moves access to port 443, but still exposes a listening service to the internet.
· Attack surface remains open.
VPN
· VPNs frequently become compromised through stolen credentials or vulnerabilities.
· VPNs provide network-level access, not service-level access.
· A compromised VPN client exposes the entire network.
ThreatLocker ZTA eliminates these risks.
Policy Types
ThreatLocker Secure Network offers four policy types:

- Device-to-Device Communication in My Organization
  Controls traffic between internal endpoints via Secure Network, such as RDP traffic.
- Access to Website Category
  Controls which website categories organizational devices are allowed to access.
- Secure SaaS or Cloud App Access
  Publishes SaaS/cloud applications (such as Microsoft 365, GitHub, Slack) through Secure Network. Each SaaS entry counts toward your SaaS Apps limit.
- Custom Firewall Policy
  Configures a host-based firewall policy to permit or deny traffic on specific ports or protocols to or from devices on your network.
ThreatLocker Secure Network applies Zero Trust principles to remote access by removing the need to expose services like RDP to the internet. Access is controlled through policies that define which users, devices, and applications can communicate, without opening firewall ports or relying on VPN infrastructure. This helps reduce risk while still supporting modern remote work.