When you have a server in the cloud, it's important to keep its security in mind. On a Windows server, it's important to protect RDP access.
There are several options in order to do that:
- Limiting access by IP, connecting to the server through a VPN
- Changing the RDP ports
- Using software such as RdpGuard or IPBAN
Below we detail the different options so that you can implement them on your servers.
Limiting access by IP
To limit the access by IP you have to access the client panel and click on the name of the server you want to limit by IP.
Then click on "Network" and the pencil icon and select "edit".
Find the rules that affect port 3389 and disable them.
Once disabled, click on the "+" icon to add a new rule.
Select "Custom Rule" and click on the "+" icon to start filling in the information for the rule you want to add.
Fill in the data as shown in the image below, replacing the Source IP with the one you choose. You'll only be able to access the server from this IP. Once you've filled in the information, click on "Submit".
Once added, you can see that it shows on the Firewall rules.
At this point you'll only be able to connect from the IP you've entered. In this example, the IP is "37.223.80.236".
Connect to the cloud server through a VPN
One of the most effective ways to protect RDP access is to create a server with the VPN role and then connect to the server using the internal network. The internal network is available when you have two or more servers.
To set up a VPN on a Clouding server, please check the following article:
Link to articles to install a VPN.
Additional information.
If you have any doubts about which VPN to choose for your platform, you can contact our technical support.
Once you have the VPN installed, you must allow the connection from the public or private IP of your VPN server in the firewall of the server whose RDP access you want to protect.
Change RDP ports
To change the port used by RDP, click on the start button, type "regedit" and click on "Run command".
Once regedit is open, browse through the folders until you reach the path "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\". Click on the folder "RDP-Tcp" and look for the value "PortNumber". Double-click on it and, under "Base", select "Decimal". Finally, in "Value Data", change the port to the one you want and click "OK".
Restart the server in order to apply the changes.
Additional information
In order to connect through the new port you'll have to open the port in the client panel firewall.
If the Windows firewall is enabled, you'll have to open the port or disable the Windows firewall.
Once the server is restarted and the ports are open, when connecting via remote desktop, add the port at the end of the IP as follows: 185.254.206.76:4489.
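The same port change can be scripted from an elevated PowerShell session. This is an added example, not part of the original article or Clouding's own tooling: the function names and the source address 203.0.113.10 are constructed placeholders, and 4489 is the port from the example above. It creates the Windows Firewall rule before touching the registry so the restart cannot lock you out. The client panel firewall still needs its own rule for the new port.

```powershell
#Requires -RunAsAdministrator
# Added example. Set-RdpListenerPort / Test-RdpListenerPort are hypothetical
# helper names; 203.0.113.10 is a constructed placeholder for your own IP.

function Set-RdpListenerPort {
    param(
        [Parameter(Mandatory)][ValidateRange(1025, 65535)][int]$Port,
        [Parameter(Mandatory)][ipaddress]$AllowedSource
    )
    $key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    $old = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    if ($old -eq $Port) { Write-Host "RDP already uses port $Port"; return }

    # Refuse a port that another service is already listening on.
    if (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue) {
        throw "Port $Port is already in use on this server."
    }

    # Open the new port in Windows Firewall BEFORE changing the listener,
    # limited to a single source address.
    New-NetFirewallRule -DisplayName "RDP custom port $Port" -Direction Inbound `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedSource.ToString() `
        -Action Allow | Out-Null

    # Same value the regedit steps set (a DWORD, entered as decimal).
    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord
    Write-Host "PortNumber changed from $old to $Port. Restart the server to apply."
}

function Test-RdpListenerPort {
    # Run after the restart: compare the registry value with the live listener.
    $key  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port `
        -ErrorAction SilentlyContinue)
    [pscustomobject]@{ ConfiguredPort = $port; Listening = $listening }
}

Set-RdpListenerPort -Port 4489 -AllowedSource '203.0.113.10'
# After the restart, run: Test-RdpListenerPort
```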
RdpGuard
To protect your Windows server from brute-force attacks, there is software such as RdpGuard that helps you mitigate these attacks. When properly configured, RdpGuard protects the following protocols and services: RDP, FTP, IMAP, POP3, SMTP, MySQL, MS-SQL, IIS Web Login, ASP.NET Web Forms, MS Exchange, RD Web Access, VoIP / SIP, etc.
To install RdpGuard, download the installer at the following URL: https://rdpguard.com/download.aspx.
Once downloaded, run it and follow the process as shown in the images below:
Once RdpGuard is installed, a new window is shown and, by default, RDP protection is enabled.
Additional information
Windows 2003/10/2012/2016/2016/2019 versions need no extra configuration, since Windows registry events are used to mitigate the attacks.
Windows 2008 and Windows 2008 R2 have advanced configurations, such as specifying the port to be protected.
Caution
If the Windows firewall is turned off (as in the image above), click on "Click here to turn on Windows" and "Click here to turn on Windows" to activate the Windows firewall. If Windows firewall is not turned on, RdpGuard won't work.
Additionally, in the Windows Firewall you will have to allow traffic to the IP 169.254.169.254.
IPBAN
The IPBAN program is an alternative to RdpGuard with a similar functionality and a free version, but without a graphical interface. So, just like RdpGuard, it blocks fraudulent login attempts through RDP.
IPBAN Installation Guide
If you need detailed information on how to install this program you can click on this link to see our installation tutorial.