Remote connection protection

How does RDP work to control a distant machine? I read that it is quite secure, does it need additional connection security?

to control RDP to a “distant” machine, im guessing you mean across the internet… RDP gives you full control and access as if you were sat at the target machine.

RDP by nature is quite insecure and shouldnt just be allowed!, port 3389 is a targetted port by many bots and scanners, and if its found open, then the only thing securing it is a username & password, so a brute force attack could likely gain access.

If you want to allow RDP to your “distant” machine its hoefully behind a router of somekind, and would need port forwarding rules or firewall rules.
you would need to

  1. on the windows machine, enable RDP and the windows firewall rule & enable the windows user account (by default administrators can RDP)
  2. in the router create a port forward for TCP port 3389 to the internal IP of the PC

BUT that is very very insecure,… if you MUST use rdp, then
in the router firewall rule - allow ONLY RDP only from a speciic static WAN IP address (e.g from your remote office/work)
Create a secure VPN to your router, then RDP to the internal IP of the machine
Setup an RD Gateway (uses port 443)

Remote Desktop Protocol allows to access and control a distant machine. The connection is quite secure, well described pros and cons here: Microsoft Remote Desktop Protocol | Detailed Guide & Explanation
As for the additional protection for the connection can’t tell, but I think it depends on what kind of data you will work with.