One could certainly argue that it is secure enough, particularly if the
firewall only accepts connections from the public IP addresses of home users
[which may not be possible if they have dynamic IPs] and the computers are
configured with the security option to be FIPS compliant [which may break
things like access to secure websites] and using TLS. However, the cost may
be relatively low to use a VPN with L2TP relative to the benefits, which
requires that the computers authenticate with the VPN server via computer
certificates before a VPN session can be established, which will do a lot to
keep others from trying to access your RDP opening in the firewall. Then you
will have your RDP sessions through 3DES IPsec via L2TP, which is more
secure. But again, it is very hard to say what is secure enough. If lives or
the survival of the business depend on the confidentiality of the data, then
I would certainly suggest using L2TP VPN. The more valuable the target, the
harder attackers will try to access the data. The link below explains all
the current options for securing RDP with W2003/XP Pro.

--- Steve

http://technet2.microsoft.com/WindowsServer/en/Library/a92d8eb9-f53d-4e86-ac9b-29fd6146977b1033.mspx