The Myth of RDP Insecurity
-
@JaredBusch said in The Myth of RDP Insecurity:
@scottalanmiller said in The Myth of RDP Insecurity:
@JaredBusch said in The Myth of RDP Insecurity:
This was mentioned in another thread once, but I feel it needs to be here also.
Anyone got a guide to working with that with RDS?
No, I was just trying to link solutions for someone and remembered it from another thread.
Cool, well it is a start. Good passwords, good RDP patching, wail2ban... should make RDP a lot more secure with relatively little effort, in theory.
-
Any concerns about the fact that there will be no further maintenance of wail2ban?
Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?
-
@NashBrydges Yeah seems like a dead project to me as well. All of the forks are also at least 10 months out of date as well.
-
Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.
-
@NashBrydges said in The Myth of RDP Insecurity:
Any concerns about the fact that there will be no further maintenance of wail2ban?
Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?
It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.
But no, you are not misunderstanding.
-
@dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.
-
@JaredBusch said in The Myth of RDP Insecurity:
@dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.
We use it, too.
-
@JaredBusch said in The Myth of RDP Insecurity:
@NashBrydges said in The Myth of RDP Insecurity:
Any concerns about the fact that there will be no further maintenance of wail2ban?
Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?
It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.
But no, you are not misunderstanding.
Definitely needs someone to pick it up and care for it. It is a great idea.
-
@scottalanmiller said in The Myth of RDP Insecurity:
@JaredBusch said in The Myth of RDP Insecurity:
@NashBrydges said in The Myth of RDP Insecurity:
Any concerns about the fact that there will be no further maintenance of wail2ban?
Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?
It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.
But no, you are not misunderstanding.
Definitely needs someone to pick it up and care for it. It is a great idea.
There are a bunch of forks, but I wasn't going to go through them looking for updates.
-
@JaredBusch said in The Myth of RDP Insecurity:
@dafyre RDPGurd is a paid solution and a good one. I used it a long time ago and it worked great.
I have been using it for almost a year. The only time it has blocked someone is the same dummy that always typos his password. Probably blocked him 5 times.
-
@dafyre said in The Myth of RDP Insecurity:
Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.
I use an RDGateway and RDPGuard
-
@JaredBusch said in The Myth of RDP Insecurity:
This was mentioned in another thread once, but I feel it needs to be here also.
I am going to see if this will work for my PRTG server.
-
@wrx7m said in The Myth of RDP Insecurity:
@JaredBusch said in The Myth of RDP Insecurity:
This was mentioned in another thread once, but I feel it needs to be here also.
I am going to see if this will work for my PRTG server.
Nice, PRTG reached out to us about sponsoring the community, too. But they weren't familiar with online advertising processes and aren't sure that they can do it. But it was nice that they thought of us (they thought that it worked by us joining some ad network, um, that's not how this works, LMAO.)
-
@scottalanmiller said in The Myth of RDP Insecurity:
@JaredBusch said in The Myth of RDP Insecurity:
@NashBrydges said in The Myth of RDP Insecurity:
Any concerns about the fact that there will be no further maintenance of wail2ban?
Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?
It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.
But no, you are not misunderstanding.
Definitely needs someone to pick it up and care for it. It is a great idea.
Just saw this today..
https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/Haven't read the code for how they parse the event log for fails, but no doubt this would help.
-
@JaredBusch said in The Myth of RDP Insecurity:
@scottalanmiller said in The Myth of RDP Insecurity:
@JaredBusch said in The Myth of RDP Insecurity:
@NashBrydges said in The Myth of RDP Insecurity:
Any concerns about the fact that there will be no further maintenance of wail2ban?
Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?
It is a powershell script that looks at windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the windows firewall) from RDP getting changed by Microsoft.
But no, you are not misunderstanding.
Definitely needs someone to pick it up and care for it. It is a great idea.
Just saw this today..
https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/Haven't read the code for how they parse the event log for fails, but no doubt this would help.
Excellent
-
@scottalanmiller said in The Myth of RDP Insecurity:
@wrx7m said in The Myth of RDP Insecurity:
@JaredBusch said in The Myth of RDP Insecurity:
This was mentioned in another thread once, but I feel it needs to be here also.
I am going to see if this will work for my PRTG server.
Nice, PRTG reached out to us about sponsoring the community, too. But they weren't familiar with online advertising processes and aren't sure that they can do it. But it was nice that they thought of us (they thought that it worked by us joining some ad network, um, that's not how this works, LMAO.)
So that was a deal-breaker for them?
-
Looks like wail2ban probably isn't multithreaded, though if someone is hammering the server with login attempts it should still do the trick, just might not hit the lockout threshold as fast.
-
I've been dreaming of creating my own RD gateway authentication plugin - but I doubt I will ever find the time.
