
Securing Terminal Server Against a Hacker

Status
Not open for further replies.

WANguy2k

MIS
Feb 25, 2002
363
US
I have a terminal server that is accessible from the outside world via http and RDP. I have someone repeatedly trying to hack into the machine from different ISPs. (Every night my security log shows failed login attempts with IDs like "administrator", "term1" etc.) I tried blocking the addresses he's on using an ACL, but the guy really moves around and changes addresses often.

I'm considering shutting down http to the server and telling everyone to use RDP, but I'm not sure that will make a difference, he'll just try using RDP.

I have a site certificate I can use, but once again I don't think that will stop him, unless he gets scared off by having to install the certificate.

Making everyone use a VPN client is not really an option, as I have salesmen who move around and access the site from various computers, and they can't install the VPN client everywhere they go.

Does anyone know of an easy way I can front-end the terminal server with additional security to stop this guy from repeatedly trying to login? He's really ticking me off.
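Added example, not from anyone in this thread: a small Python detector run over constructed logon-failure lines (the log format, account names beyond those mentioned above, and all addresses are made up) showing why a per-address threshold, which is what an ACL keys on, misses an attacker who changes addresses every few guesses, while counting distinct source addresses per account over a short window still flags the nightly pattern described in the post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of Terminal Server logon-failure entries (not a real log):
# a couple of guesses per address, then the address changes, as the post describes.
SAMPLE_LOG = """\
2002-02-24 23:01:10 LOGON_FAILURE user=administrator src=198.51.100.7
2002-02-24 23:01:12 LOGON_FAILURE user=administrator src=198.51.100.7
2002-02-24 23:04:40 LOGON_FAILURE user=term1 src=203.0.113.22
2002-02-24 23:04:43 LOGON_FAILURE user=administrator src=203.0.113.22
2002-02-24 23:09:05 LOGON_FAILURE user=term1 src=192.0.2.91
2002-02-24 23:09:06 LOGON_FAILURE user=term2 src=192.0.2.91
2002-02-25 08:15:00 LOGON_FAILURE user=jsmith src=192.0.2.150
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) LOGON_FAILURE user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(log_text):
    """Yield (timestamp, user, src) for every logon-failure line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]

def per_ip_hits(events, threshold):
    """Addresses that alone reach the threshold: what a per-IP ACL keys on."""
    c = Counter(src for _, _, src in events)
    return {src for src, n in c.items() if n >= threshold}

def distributed_hits(events, window_minutes, threshold):
    """Accounts guessed from >= threshold distinct addresses inside one window.
    This signal survives an attacker who keeps moving between ISPs."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for ts, user, src in events:
        by_user[user].append((ts, src))
    flagged = set()
    for user, hits in by_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            srcs = {src for ts, src in hits[i:] if ts - start <= window}
            if len(srcs) >= threshold:
                flagged.add(user)
                break
    return flagged
```

With a per-address threshold of 3 nothing is flagged, because no single address ever makes more than two attempts; the per-account view flags "administrator" and "term1" while leaving the lone daytime failure for "jsmith" alone.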
 
Stop or change the port used for HTTP and change the port for RDP.

explains how to make the changes for the RDP side of things on the server and shows you what you need to do on the client.

The only thing you would need to do is shut down the open 3389 port on the firewall and let your users know the new way to connect to the RDP session.

As far as the hacker goes, chances are that all they are doing is known port scanning: they scan the ports, find them open and then try to access them. It's also likely that this is all done via a bot farm rather than a hacker sitting there trying it.

Simon

The real world is not about exam scores, it's about ability.
 
Look into Clientless SSL VPNs. Cisco has a fantastic offering for both fat client and clientless SSL VPNs. They are highly secure when deployed by themselves and extremely secure when paired with a client certificate/one-time password offering. The price isn't too terribly bad depending on which model you go with. The nice thing is that you have a portal that users log into (complete with health checks and other pre-login assessments) and they are presented with quite a few options for accessing resources directly from the VPN appliance: RDP, Citrix, VNC, HTTP, CIFS, FTP, SSH, Telnet, and a few more that I'm missing. No client installation necessary. You also have the option of granting the users a full SSL tunnel into your network so that they can access the resources directly.

I don't know your exact situation but you may find that outbound RDP is blocked at some companies (like mine :)) so they wouldn't even be able to phone home.

Juniper, Citrix, and F5 also make nice SSL VPN appliances. On the lower end I hear a lot of people talk about Sonicwall and WatchGuard. It might be worth a look. Just my .02...

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 