Hi all. I'm seeing a lot of security articles this past year or more about how RDP is being attacked so much. From a risk assessment standpoint I'm trying to understand what is 'really' happening, and then I had some questions.
So first, all the articles talk about RDP hosts being hacked into via brute force attempts. Also, not one article that I've seen yet makes any mention of what people are doing to improve the situation.
My scenario is I manage the occasional server, low-level small business stuff, so there is no multi-server environment, no budget for RDS licensing, etc. It's all RDP for me, the server admin, to get on there and do single-server tasks in non-AD environments.
That said, here are my questions:
- How the heck can anyone brute force an RDP host - has MS not yet implemented any kind of lock-out time-delay mechanism?
- I typically have a port forward on the site Internet gateway to listen on a different port than 3389, then forward to the internal server. Assuming port scans are not being done through the whole TCP range, I imagine this is ok? Granted I realize you can port scan from a botnet so your router would have to be able to detect anomalies and not just repeated attempts from the same IP, but let's assume there is no port scan mitigation in place.
- Under WS2016 Standard host, from a Win 10 Pro client, is the session encryption good?
- Lastly, are there any recommended configuration options or white papers I should review to set RDP up so that it is secure enough to satisfy real world security needs? I don't mean is it hack-proof as nothing ever is, but "good enough".
And maybe one last question: if the answer is "dump RDP man", well, are there any recommendations for a stand-alone solution for remote access to client machines, but that also does servers? TeamViewer does not do servers it seems.
Thanks!
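The following is an added example, not part of the original post or any reply: a read-only PowerShell audit script for the single-server scenario described above. It reads the host-side settings that bear on the questions asked (listening port, whether Network Level Authentication is required, the TLS security layer and minimum encryption level, and the local account lockout threshold) and then summarises failed logon events (Security log ID 4625) by source address so a brute-force pattern is visible. It assumes it is run in an elevated PowerShell session on the WS2016 host; the registry keys and event fields it reads are standard Windows ones, and the 24-hour window and top-10 cutoff are arbitrary choices.

```powershell
# Added example (not from the original post): audit the RDP settings on a
# single Windows Server host and summarise failed logons. Read-only; run
# from an elevated PowerShell session on the host itself.

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

$cfg = Get-ItemProperty -Path $rdpKey

# Settings relevant to the questions above:
#   UserAuthentication 1  -> NLA required (failed attempts never reach a logon screen)
#   SecurityLayer      2  -> TLS is required for the session
#   MinEncryptionLevel 1=Low, 2=ClientCompatible, 3=High, 4=FIPS
$findings = [ordered]@{
    'RDP enabled'                        = ((Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0)
    'Listening port'                     = $cfg.PortNumber
    'NLA required'                       = ($cfg.UserAuthentication -eq 1)
    'SecurityLayer (2=TLS)'              = $cfg.SecurityLayer
    'MinEncryptionLevel (3=High,4=FIPS)' = $cfg.MinEncryptionLevel
}

# Local account lockout policy. "Never" means no lockout threshold is set,
# i.e. nothing slows down repeated password guesses against local accounts.
$lockoutLine = (net accounts | Select-String 'Lockout threshold').ToString()
$findings['Lockout threshold'] = $lockoutLine.Split(':')[1].Trim()

$findings.GetEnumerator() | ForEach-Object { '{0,-36} {1}' -f $_.Key, $_.Value }

# Failed logons in the last 24 hours (window is an arbitrary choice).
# LogonType 10 = RemoteInteractive (RDP without NLA); with NLA enabled,
# failed attempts typically show up as LogonType 3 (Network) instead.
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull named EventData fields from the event XML rather than relying on positional indexes
        $xml  = [xml]$_.ToXml()
        $data = @{}
        $xml.Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = $data.TargetUserName
            LogonType = $data.LogonType
            Source    = $data.IpAddress
        }
    } |
    Where-Object { $_.LogonType -in 3, 10 }

"`nFailed logons since $since, by source address:"
$failed | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

A host that reports NLA required, SecurityLayer 2, a lockout threshold other than "Never", and only a handful of failed logons from expected addresses is in reasonable shape for the "good enough" bar the post asks about; a long list of distinct source addresses each with a few failures is the distributed guessing pattern the post describes, which a per-IP filter on the router will not catch.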