ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    The Myth of RDP Insecurity

    IT Discussion
    rdp vpn security
    18
    103
    13.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • PSX_DefectorP
      PSX_Defector
      last edited by

      Here is the one thing that will shut the dumbasses up about RDP being "insecure".

      Multi factor authentication.

      Microsoft even supplies wonderful application for it.

      https://azure.microsoft.com/en-us/services/multi-factor-authentication/

      Eliminates all the shit password problems, even if its 'password', has a mobile app to just hit a button to approve login, and is pretty easy to set up to boot.

      1 Reply Last reply Reply Quote 2
      • JaredBuschJ
        JaredBusch
        last edited by

        This was mentioned in another thread once, but I feel it needs to be here also.

        https://github.com/glasnt/wail2ban

        scottalanmillerS wrx7mW 2 Replies Last reply Reply Quote 2
        • scottalanmillerS
          scottalanmiller @JaredBusch
          last edited by

          @JaredBusch said in The Myth of RDP Insecurity:

          This was mentioned in another thread once, but I feel it needs to be here also.

          https://github.com/glasnt/wail2ban

          Anyone got a guide to working with that with RDS?

          dbeatoD JaredBuschJ 2 Replies Last reply Reply Quote 0
          • dbeatoD
            dbeato @scottalanmiller
            last edited by

            @scottalanmiller said in The Myth of RDP Insecurity:

            @JaredBusch said in The Myth of RDP Insecurity:

            This was mentioned in another thread once, but I feel it needs to be here also.

            https://github.com/glasnt/wail2ban

            Anyone got a guide to working with that with RDS?

            No that I know of, I can work on it maybe tomorrow or Friday.

            scottalanmillerS 1 Reply Last reply Reply Quote 2
            • scottalanmillerS
              scottalanmiller @dbeato
              last edited by

              @dbeato said in The Myth of RDP Insecurity:

              @scottalanmiller said in The Myth of RDP Insecurity:

              @JaredBusch said in The Myth of RDP Insecurity:

              This was mentioned in another thread once, but I feel it needs to be here also.

              https://github.com/glasnt/wail2ban

              Anyone got a guide to working with that with RDS?

              No that I know of, I can work on it maybe tomorrow or Friday.

              That would be awesome.

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @scottalanmiller
                last edited by

                @scottalanmiller said in The Myth of RDP Insecurity:

                @JaredBusch said in The Myth of RDP Insecurity:

                This was mentioned in another thread once, but I feel it needs to be here also.

                https://github.com/glasnt/wail2ban

                Anyone got a guide to working with that with RDS?

                No, I was just trying to link solutions for someone and remembered it from another thread.

                scottalanmillerS 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @JaredBusch
                  last edited by

                  @JaredBusch said in The Myth of RDP Insecurity:

                  @scottalanmiller said in The Myth of RDP Insecurity:

                  @JaredBusch said in The Myth of RDP Insecurity:

                  This was mentioned in another thread once, but I feel it needs to be here also.

                  https://github.com/glasnt/wail2ban

                  Anyone got a guide to working with that with RDS?

                  No, I was just trying to link solutions for someone and remembered it from another thread.

                  Cool, well it is a start. Good passwords, good RDP patching, wail2ban... should make RDP a lot more secure with relatively little effort, in theory.

                  1 Reply Last reply Reply Quote 0
                  • NashBrydgesN
                    NashBrydges
                    last edited by

                    Any concerns about the fact that there will be no further maintenance of wail2ban?

                    Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                    DustinB3403D JaredBuschJ 2 Replies Last reply Reply Quote 0
                    • DustinB3403D
                      DustinB3403 @NashBrydges
                      last edited by

                      @NashBrydges Yeah seems like a dead project to me as well. All of the forks are also at least 10 months out of date as well.

                      1 Reply Last reply Reply Quote 0
                      • dafyreD
                        dafyre
                        last edited by

                        Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

                        JaredBuschJ wrx7mW 2 Replies Last reply Reply Quote 1
                        • JaredBuschJ
                          JaredBusch @NashBrydges
                          last edited by

                          @NashBrydges said in The Myth of RDP Insecurity:

                          Any concerns about the fact that there will be no further maintenance of wail2ban?

                          Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                          It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

                          But no, you are not misunderstanding.

                          scottalanmillerS 1 Reply Last reply Reply Quote 1
                          • JaredBuschJ
                            JaredBusch @dafyre
                            last edited by

                            @dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.

                            scottalanmillerS wrx7mW 2 Replies Last reply Reply Quote 3
                            • scottalanmillerS
                              scottalanmiller @JaredBusch
                              last edited by

                              @JaredBusch said in The Myth of RDP Insecurity:

                              @dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.

                              We use it, too.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @JaredBusch
                                last edited by

                                @JaredBusch said in The Myth of RDP Insecurity:

                                @NashBrydges said in The Myth of RDP Insecurity:

                                Any concerns about the fact that there will be no further maintenance of wail2ban?

                                Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                                It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

                                But no, you are not misunderstanding.

                                Definitely needs someone to pick it up and care for it. It is a great idea.

                                JaredBuschJ 2 Replies Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in The Myth of RDP Insecurity:

                                  @JaredBusch said in The Myth of RDP Insecurity:

                                  @NashBrydges said in The Myth of RDP Insecurity:

                                  Any concerns about the fact that there will be no further maintenance of wail2ban?

                                  Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                                  It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

                                  But no, you are not misunderstanding.

                                  Definitely needs someone to pick it up and care for it. It is a great idea.

                                  There are a bunch of forks, but I wasn't going to go through them looking for updates.

                                  1 Reply Last reply Reply Quote 0
                                  • wrx7mW
                                    wrx7m @JaredBusch
                                    last edited by wrx7m

                                    @JaredBusch said in The Myth of RDP Insecurity:

                                    @dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.

                                    I have been using it for almost a year. The only time it has blocked someone is the same dummy that always typos his password. Probably blocked him 5 times.
                                    cd451066-7b8d-4714-b8f0-0f1a743ffaaa-image.png

                                    1 Reply Last reply Reply Quote 0
                                    • wrx7mW
                                      wrx7m @dafyre
                                      last edited by

                                      @dafyre said in The Myth of RDP Insecurity:

                                      Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

                                      I use an RDGateway and RDPGuard

                                      1 Reply Last reply Reply Quote 1
                                      • wrx7mW
                                        wrx7m @JaredBusch
                                        last edited by

                                        @JaredBusch said in The Myth of RDP Insecurity:

                                        This was mentioned in another thread once, but I feel it needs to be here also.

                                        https://github.com/glasnt/wail2ban

                                        I am going to see if this will work for my PRTG server.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                                        • scottalanmillerS
                                          scottalanmiller @wrx7m
                                          last edited by

                                          @wrx7m said in The Myth of RDP Insecurity:

                                          @JaredBusch said in The Myth of RDP Insecurity:

                                          This was mentioned in another thread once, but I feel it needs to be here also.

                                          https://github.com/glasnt/wail2ban

                                          I am going to see if this will work for my PRTG server.

                                          Nice, PRTG reached out to us about sponsoring the community, too. But they weren't familiar with online advertising processes and aren't sure that they can do it. But it was nice that they thought of us (they thought that it worked by us joining some ad network, um, that's not how this works, LMAO.)

                                          wrx7mW 1 Reply Last reply Reply Quote 1
                                          • JaredBuschJ
                                            JaredBusch @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in The Myth of RDP Insecurity:

                                            @JaredBusch said in The Myth of RDP Insecurity:

                                            @NashBrydges said in The Myth of RDP Insecurity:

                                            Any concerns about the fact that there will be no further maintenance of wail2ban?

                                            Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                                            It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

                                            But no, you are not misunderstanding.

                                            Definitely needs someone to pick it up and care for it. It is a great idea.

                                            Just saw this today..
                                            https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/

                                            Haven't read the code for how they parse the event log for fails, but no doubt this would help.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 3
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 5 / 6
                                            • First post
                                              Last post