
RDP Security

Status
Not open for further replies.

Abernut

IS-IT--Management
Jul 18, 2007
14
US
I have an MPLS network managed by one of the large providers.

During installation we made provisions to assign one of my Public IPs to one of my LAN servers to be accessed via RDP.

I have read mixed reviews about the security of this. I have a VERY strong Admin password.

Am I leaving a door open for network attacks?

Thank you,


 
I just read that I should change the port to something other than the default port.
 
To be honest, I don't think I know a whole lot about your particular setup, specifically an RDP. However, based on your other comments, I do have some generalized recommendations.

First, changing the port is a common recommendation. Unfortunately, it is like resisting the Borg, futile. The only thing that it does for you is to cut down on the 'noise' from the script kiddies, which in a properly designed system aren't a threat anyway. It will take roughly 30 seconds to run a port scan against your IP to see that the port has been moved.

Second, in general, don't open any ports that you don't have to. Of course to provide services you need to. Open only these ports and do so through a firewall router.

Third, make sure the application and your kernel remain up to date. Exploits are discovered and corrected and by keeping things up to date you minimize the risk of being vulnerable to an old attack.

Fourth, if your application allows it, using "keys" or certificates instead of passwords is MUCH better. Along these lines, if possible restrict the range of IP addresses, or domains allowed to connect.

Fifth, use programs such as DenyHosts or fail2ban that will recognize invalid access attempts and temporarily block the offending IP address. This is usually enough to make them go away.

Sixth, restrict the level of access that can be achieved by the remote connection if at all possible.

That about sums it up. If nothing else, do use very strong passwords. The longer the better and do NOT use dictionary words and be sure to use not only numbers but also symbols too, which it sounds like you have done.

If you are really paranoid, you can install a network and host based intrusion detection system, but you will need to take the time to install it.

Lastly, keep your eyes open for signs of an intrusion. If you see something suspicious, investigate but don't panic.
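
The fifth recommendation above (recognize invalid access attempts and temporarily block the offending IP) comes down to a sliding-window counter per source address. The sketch below is an added example, not part of the original posts and not code from fail2ban or DenyHosts; the log format, the thresholds and the function name `find_bans` are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, Windows event ID, source IP, account.
# 4625 = failed logon, 4624 = successful logon. IPs are from documentation ranges.
SAMPLE_LOG = """\
2024-01-15T10:00:00,4625,203.0.113.9,Administrator
2024-01-15T10:00:05,4625,203.0.113.9,Administrator
2024-01-15T10:00:07,4625,198.51.100.4,jsmith
2024-01-15T10:00:11,4625,203.0.113.9,admin
2024-01-15T10:00:20,4624,198.51.100.4,jsmith
2024-01-15T10:00:31,4625,203.0.113.9,Administrator
2024-01-15T10:00:40,4625,203.0.113.9,Administrator
2024-01-15T10:20:00,4625,198.51.100.4,jsmith
2024-01-15T10:45:00,4625,203.0.113.9,Administrator
"""

def find_bans(log_text, max_failures=3, window=timedelta(minutes=1),
              ban_time=timedelta(minutes=30)):
    """Return [(ip, ban_start, ban_end)] for IPs reaching max_failures within window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> end of current ban
    bans = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue              # skip malformed lines rather than crash
        stamp, event_id, ip, _account = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if event_id != "4625":
            continue              # only failed logons count toward the threshold
        if ip in banned_until and when < banned_until[ip]:
            continue              # already blocked; a firewall rule would drop this
        times = recent[ip]
        times.append(when)
        while times and when - times[0] > window:
            times.popleft()       # forget failures older than the window
        if len(times) >= max_failures:
            banned_until[ip] = when + ban_time   # temporary block, not permanent
            bans.append((ip, when, banned_until[ip]))
            times.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"block {ip} from {start} until {end}")
```

The user who mistypes a password once and then logs in (198.51.100.4) never reaches the threshold, while the address cycling through account names is blocked for the ban period and starts from a clean count afterwards.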
 
To add to Noway2 you would be better off having a VPN setup. This way your outside users have an encrypted connection and you have a more secure network.
 