Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

RDP Security

Status
Not open for further replies.
Abernut

Abernut

IS-IT--Management
Jul 18, 2007
14
US
I have an MPLS network managed by one of the large providers.

During installation we made provisions to assign one of my Public IPs to one of my LAN servers to be accessed via RDP.

I have read mixed reviews about the security of this. I have a VERY strong Admin password.

Am I leaving a door open for network attacks?

Thank you,


 
Sort by date Sort by votes
I just read that I should change the port to something other than the default port.
 
Upvote 0 Downvote
To be honest, I don't think I know a whole lot about your particular setup, specifically an RDP. However, based on your other comments, I do have some generalized recommendations.

First, changing the port is a common recommendation. Unfortunately, it is like resisting the Borg, futile. The only thing that it does for you is to cut down on the 'noise' from the script kiddies, which in a properly designed system aren't a threat anyway. It will take roughly 30 seconds to run a port scan against your IP to see that the port has been moved.

Second, in general, don't open any ports that you don't have to. Of course to provide services you need to. Open only these ports and do so through a firewall router.

Third, make sure the application and your kernel remain up to date. Exploits are discovered and corrected and by keeping things up to date you minimize the risk of being vulnerable to an old attack.

Fourth, if you application allows it, using "keys" or certificates instead of passwords is MUCH better. Along these lines, if possible restrict the range of IP addresses, or domains allowed to connect.

Fifth, use programs such as deny hosts or fail2ban that will recognize invalid access attempts and temporarily block the offending IP address. This is usually enough to make them go away.

Sixth, restrict the level of access that can be achieved by the remote connection if at all possible.

That about sums it up. If nothing else, do use very strong passwords. The longer the better and do NOT use dictionary words and be sure to use not only numbers but also symbols too, which it sounds like you have done.

If you are really paranoid, you can install a network and host based intrusion detection system, but you will need to take the time to install it.

Lastly, keep your eyes open for signs of an intrusion. If you see something suspicious, investigate but don't panic.
 
Upvote 0 Downvote
To add to Noway2 you would be better off having a VPN setup. This way your outside users have an encrypted connection and you have a more secure network.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

smokey7244521
  • Locked
  • Question
RDP connectivity Issue
Replies
0
Views
98
smokey7244521
smokey7244521
rwsjbs
  • Locked
  • Question
RDP IP connection option for Windows 2003 Server
Replies
0
Views
73
rwsjbs
rwsjbs
apassopolis
  • Locked
  • Question
VPN Security
Replies
0
Views
58
apassopolis
apassopolis
Orrin77
  • Locked
  • Question
RDP w. Dual Monitors - Hidden Pop-up windows
Replies
2
Views
169
Orrin77
Orrin77
cmevets
  • Locked
  • Question
2008 RDP/Remote App Hangs when other users log in and out
Replies
1
Views
78
cmeagan656
cmeagan656

Part and Inventory Search

Sponsor

Back
Top