
I am using a VPS that I connect to using RDP over the internet. Since I was experiencing an incessant stream of brute-force attacks on the RDP, I configured the Windows Firewall to only allow certain IP addresses to connect. This seems to work like a charm, as the Failed Audit Log stays clean now. Yet I wonder if this practice is in fact secure.

1 Answer


Multiple security controls are always better than one. Defense in depth.

Review MITRE's index of remote desktop protocol and its citations. Consider some of the ways to improve detection and mitigation.

  • Audit users allowed to RDP
  • Network segmentation (your firewall rules fall in this category)
  • Bastion host, possibly using an implementation of remote desktop gateway protocol
  • Multi-factor authentication
  • Review login sessions
John Mahowald
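
The following PowerShell is an added example, not part of the original answer: it checks three of the items listed above on the host itself (the firewall scope for RDP, the users allowed to RDP, and recent logon events by source address). It assumes an elevated session, an English-language Windows install, the default RDP port 3389, and a constructed allowlist in `$Allowed`.

```powershell
# Added example. The allowlist entries are constructed placeholders (RFC 5737 ranges).
$Allowed = @('203.0.113.10', '198.51.100.25')
$Since   = (Get-Date).AddDays(-7)

# 1. Network scope: enabled inbound allow rules that name port 3389 explicitly.
#    (Rules that use a port range or 'Any' are not matched by this filter.)
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' }
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ', '
        OpenToAny     = [bool]($remote -contains 'Any')  # one 'Any' rule defeats the allowlist
    }
}

# 2. Audit users allowed to RDP. Members of the local Administrators group
#    can log on over RDP by default, so list both groups.
foreach ($group in 'Remote Desktop Users', 'Administrators') {
    Get-LocalGroupMember -Group $group |
        Select-Object @{ n = 'Group'; e = { $group } }, Name, ObjectClass
}

# 3. Review login sessions: successful RemoteInteractive logons (4624, LogonType 10)
#    and all failed logons (4625), grouped by result, source address and account.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624, 4625; StartTime = $Since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($e.Id -eq 4625 -or $data['LogonType'] -eq '10') {
        [pscustomobject]@{
            Result = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
            User   = $data['TargetUserName']
            Source = $data['IpAddress']
        }
    }
}

$rows | Group-Object Result, Source, User |
    Select-Object Count, Name,
        @{ n = 'OffAllowlist'; e = { $_.Group[0].Source -notin $Allowed } } |
    Sort-Object Count -Descending
```

Any row with `OffAllowlist` set to `True`, or any rule with `OpenToAny` set to `True`, means traffic is reaching RDP from outside the addresses the firewall was meant to permit.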