The Myth of RDP Insecurity

PSX_Defector

Here is the one thing that will shut the dumbasses up about RDP being "insecure".

Multi factor authentication.

Microsoft even supplies wonderful application for it.

https://azure.microsoft.com/en-us/services/multi-factor-authentication/

Eliminates all the shit password problems, even if its 'password', has a mobile app to just hit a button to approve login, and is pretty easy to set up to boot.

JaredBusch

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

scottalanmiller

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

Anyone got a guide to working with that with RDS?

dbeato

@scottalanmiller said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

Anyone got a guide to working with that with RDS?

No that I know of, I can work on it maybe tomorrow or Friday.

scottalanmiller

@dbeato said in The Myth of RDP Insecurity:

@scottalanmiller said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

Anyone got a guide to working with that with RDS?

No that I know of, I can work on it maybe tomorrow or Friday.

That would be awesome.

JaredBusch

@scottalanmiller said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

Anyone got a guide to working with that with RDS?

No, I was just trying to link solutions for someone and remembered it from another thread.

scottalanmiller

@JaredBusch said in The Myth of RDP Insecurity:

@scottalanmiller said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

Anyone got a guide to working with that with RDS?

No, I was just trying to link solutions for someone and remembered it from another thread.

Cool, well it is a start. Good passwords, good RDP patching, wail2ban... should make RDP a lot more secure with relatively little effort, in theory.

NashBrydges

Any concerns about the fact that there will be no further maintenance of wail2ban?

Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

DustinB3403

@NashBrydges Yeah seems like a dead project to me as well. All of the forks are also at least 10 months out of date as well.

dafyre

Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

JaredBusch

@NashBrydges said in The Myth of RDP Insecurity:

Any concerns about the fact that there will be no further maintenance of wail2ban?

Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

But no, you are not misunderstanding.

JaredBusch

@dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.

scottalanmiller

@JaredBusch said in The Myth of RDP Insecurity:

@dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.

We use it, too.

scottalanmiller

@JaredBusch said in The Myth of RDP Insecurity:

@NashBrydges said in The Myth of RDP Insecurity:

Any concerns about the fact that there will be no further maintenance of wail2ban?

Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

But no, you are not misunderstanding.

Definitely needs someone to pick it up and care for it. It is a great idea.

JaredBusch

@scottalanmiller said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

@NashBrydges said in The Myth of RDP Insecurity:

Any concerns about the fact that there will be no further maintenance of wail2ban?

Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

But no, you are not misunderstanding.

Definitely needs someone to pick it up and care for it. It is a great idea.

There are a bunch of forks, but I wasn't going to go through them looking for updates.

wrx7m

@JaredBusch said in The Myth of RDP Insecurity:

@dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.

I have been using it for almost a year. The only time it has blocked someone is the same dummy that always typos his password. Probably blocked him 5 times.

wrx7m

@dafyre said in The Myth of RDP Insecurity:

Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

I use an RDGateway and RDPGuard

wrx7m

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

I am going to see if this will work for my PRTG server.

scottalanmiller

@wrx7m said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

This was mentioned in another thread once, but I feel it needs to be here also.

https://github.com/glasnt/wail2ban

I am going to see if this will work for my PRTG server.

Nice, PRTG reached out to us about sponsoring the community, too. But they weren't familiar with online advertising processes and aren't sure that they can do it. But it was nice that they thought of us (they thought that it worked by us joining some ad network, um, that's not how this works, LMAO.)

JaredBusch

@scottalanmiller said in The Myth of RDP Insecurity:

@JaredBusch said in The Myth of RDP Insecurity:

@NashBrydges said in The Myth of RDP Insecurity:

Any concerns about the fact that there will be no further maintenance of wail2ban?

Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.

But no, you are not misunderstanding.

Definitely needs someone to pick it up and care for it. It is a great idea.

Just saw this today..
https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/

Haven't read the code for how they parse the event log for fails, but no doubt this would help.