Options
Don't allow external RDP to your network!
VPN into a network and then RDP to whatever server you need. Here's a good reason why to block that pesky protocol:
From the “Why use a VPN?” Department. Microsoft RDP flaw announced. ? My EtherealMind
From the “Why use a VPN?” Department. Microsoft RDP flaw announced. ? My EtherealMind
Comments
-
Options
higherho
Member Posts: 882
Yea I heard about this, they also came out with a patch or something shortly after. I've been using dame ware when I VPN into my work network from home. I'm also seriously thinking about deploying dameware at work for all the developers to use when they log into the servers instead of RDP when they are at home. Though I doubt management will purchase the extra licenses for it. -
Options
SouthSeaPirate
Member Posts: 173
Yea I heard about this, they also came out with a patch or something shortly after. I've been using dame ware when I VPN into my work network from home. I'm also seriously thinking about deploying dameware at work for all the developers to use when they log into the servers instead of RDP when they are at home. Though I doubt management will purchase the extra licenses for it.
I second DameWare. Using it company wide and very satisfied. Great for Helpdesk. -
Options
CodeBlox
Member Posts: 1,363 ■■■■□□□□□□
Hmm, I've currently got my router setup to forward on 3389 to a workstation on my home network from the internet.Currently reading: Network Warrior, Unix Network Programming by Richard Stevens -
Options
Zartanasaurus
Member Posts: 2,008 ■■■■■■■■■□
I love Dameware. Looks like they were bought out by Solarwinds recently, which is likely a good thing. We don't allow any external RDP w/o VPN, but we patched all of our servers against this on Friday.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
OptionsZartanasaurus
Member Posts: 2,008 ■■■■■■■■■□
At the very least, configure your firewall to only allow source IPs from your work or any other places you frequent. Don't forget to add the internal IP ranges from home.Hmm, I've currently got my router setup to forward on 3389 to a workstation on my home network from the internet.
I guarantee if you check your security logs you'll see tons of RDP login attempts.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
OptionsJ_86
Member Posts: 262 ■■□□□□□□□□
I did an "experiment" once and let RDP into my home network on a box with nothing on it for a few hours. There were over a thousand attempts to login. Its just a bad idea to let the unknown even reach a login screen on your network, but I see it all the time in small networks. VPN solutions are cheap and not all that complicated to setup for a small/medium sized users base.
l'LL echo dameware, we use it on every computer in our network. Very handy. -
Options
JockVSJock
Member Posts: 1,118
Found some more info about RDP attacks from securitytube.com
Defcon 19 - Bosses Love Excel, Hackers Too.
Also making the rounds in the blogsphere:
The Risks of Remote Desktop for Access Over the Internet
Hackers Offer Bounty for Windows RDP Exploit — Krebs on Security
RDP Flaws Lead Microsoft’s March Patch Batch — Krebs on Security***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown
