I have an internet-facing RDP server and am getting constant brute-force attacks trying random usernames and passwords. It's Windows 2016 with Remote Desktop Services enabled. What can I do to stop this attack and secure it properly?

Edit: I have users connecting from all over the world, so I can't use a VPN for everyone or restrict IP addresses.

Does anyone have experience with any tool that prevents/drops brute-force connections?

Shofi
  • Stop having an internet-facing RDP server. Put it behind a VPN. If you can't just do that, then please [edit] your question to include more details about your constraints. – Fire Quacker Mar 29 '22 at 16:11
  • If your users only connect from specific IP addresses, then you might want to use Windows Firewall to only allow RDP connections from these IP addresses, and block RDP connections from all others. – mti2935 Mar 29 '22 at 16:12
  • There are numerous guides on how to secure RDP and many questions here about that. As for stopping the attack, you can't. People (and bots) will do what they want to. – schroeder Mar 29 '22 at 18:18
  • @Quacker I have remote users connecting to the server from various locations and VPN won't work for this scenario. – Shofi Mar 30 '22 at 08:04
  • @Shofi the linked questions have a variety of approaches. And, as I said, you can't prevent brute force attempts, you can only improve defences. – schroeder Mar 30 '22 at 08:18

0 Answers