Ways of making RDP more secure on a Windows 7 desktop

Windoog

New member
Local time
2:57 PM
Messages
13
Hi, and yes I have searched and followed several guides for making RDP more secure.

BUT... yes, there is always a but... I have been blocking several attempts from chinese ips (strangely quite a few from there) to brute force my station. I have an old Netgear soho router that logs every entry of the firewall rule for RDP.

I even routed the default port to another, but even setting the router to stealth mode doesn't prevent the attackers from doing a port scan (something that's weird, even I have set it so it doesn't respond to ping but they still keep finding ways)

I have even disable both admin and guest accounts, and created an admin account with a non standard name (quite non standard), but still is bothersome seeing the logs on failed attemps from time to time on both router and event viewer on the machine.

I have though on 2FA but I don't know how would that work with the default RDP client that comes with Windows, or even if there is any solution that could be opensource?

Any ideas?
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Professional x86 SP1Intel Core I5 45702Gb DDR3nVidia GeForce 210
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Buil
OS
Windows 7 Professional x86 SP1
CPU
Intel Core I5 4570
Motherboard
Gigabyte B85m-D3H v.1
Memory
2Gb DDR3
Graphics Card(s)
nVidia GeForce 210
Hard Drives
Hitachi HDS721050CLA362
SAMSUNG HD321KJ
SAMSUNG HD400LJ
ST3500418AS
WDC WD3200AAJS-00B4A0
PSU
Chinese
Case
Chinese
Cooling
Oem
Internet Speed
Slow
Antivirus
Avast Free
Browser
Firefox, Chrome, and IE
On the router port forward the port's to a fixed IP that is not used that way it goes no where
 

My Computer My Computer

At a glance

win 8 32 bit
Computer type
PC/Desktop
OS
win 8 32 bit
Contact your ISP and see if they will disable the attack from the internet side or completely disable rdp and use something else like logmein.
 

My Computers My Computers

  • At a glance

    Windows 7 pro/Windows 10 ProIntel i7 860 Quad core 2.8 ghz8 gbATI Radeon HD 5770 1 gb ram
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    HP Pavillion Elite HPE-250f
    OS
    Windows 7 pro/Windows 10 Pro
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF & Viewsonic
    Screen Resolution
    1920 x1080 & 1680x1050
    Hard Drives
    WD blue 1 tb & 500 gb.
    Browser
    FF of course.
    Other Info
    https://www.bestbuy.com/site/hp-pavilion-elite-desktop-intel-core-i7-processor-8gb-memory-1tb-hard-drive/9921493.p?skuId=9921493
  • At a glance

    Windows 2012 R2 Data center/Linux Minti3 9100 3.6GHz, 8M cache, 4C/4T8GB 2666MT/s DDR4 ECC UDIMM
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Dell Poweredge T140
    OS
    Windows 2012 R2 Data center/Linux Mint
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Monitor(s) Displays
    Viewsonic
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 750 GB
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
The first question that came to mind is, do you really need RDP access over internet to your computer? If not, the answer is simple, block the port on router and firewall and move on, you won't be attacked again.

But if you're here I guess you actually need it :p
What you describe is not RDP being insecure or a misconfiguration or a bug. What you're seeing is an inevitable consequense of being exposed to internet, you must expect being probed and brute forced. Internet is an hostile place, with attackers all over the place, and that kind of attack is a rudimentary one.
Most likely, these come from automated bots that try common password combinations on open ports, and then move on to the next target, hoping that someone left a default password there. This is normal and there is nothing to worry about, as long as you've took the basic security measures.


I even routed the default port to another, but even setting the router to stealth mode doesn't prevent the attackers from doing a port scan (something that's weird, even I have set it so it doesn't respond to ping but they still keep finding ways)

Disabling ping has nothing to do with port scans, they're separate protocols. A successful ping doesn't means that there is a service alive, and a failed one doesn't means that there isn't anything alive there. A port scan is trivial to do and you can't prevent it from happening.
I don't know what do you mean by "set the router to stealth". If you want to connect from outside, you need an open port, and it can be found by anyone who really wants.


I have even disable both admin and guest accounts, and created an admin account with a non standard name (quite non standard), but still is bothersome seeing the logs on failed attemps from time to time on both router and event viewer on the machine.

This has no effect on anyone wanting to attack you, they'll still try the default user/password and the most common ones before moving on, as they don't know your change. Moreover, renaming user accounts is at best security by obscurity (usernames are always meant to be public). Instead create good passwords for every exposed account so guessing becomes infeasible, created and stored by a password manager.
Also, try dening RDP access to any admin account, in the event of a breach they're way more problematic. Use a standard one and use UAC to elevate within the session when needed.


I have though on 2FA but I don't know how would that work with the default RDP client that comes with Windows, or even if there is any solution that could be opensource?

I'm not aware of any option, as RDP and its Windows implementation are proprietary. But if you feel safer, a VPN or SSH tunnel could provide an extra layer of isolation, and some offer more autenthication options. Of course, you'll end up exposing those instead of RDP, and the brute force on them will likely be there.


Contact your ISP and see if they will disable the attack from the internet side or completely disable rdp and use something else like logmein.

ISPs don't control the internet and can't stop it from happening. At most they could firewall it out, but so can the OP do on his router or computer.
Using "something else" brings the very same thing, just over another server. Random bots over internet will still probe the whole net and find and try to breach that too. Such change won't stop that. Instead, focus on having a strong password.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Core i7-740QM8 GB DDR3NVIDIA GeForce 330GT
Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba Sattelite A665-S6092
OS
Windows 7 Ultimate x64
CPU
Intel Core i7-740QM
Memory
8 GB DDR3
Graphics Card(s)
NVIDIA GeForce 330GT
Screen Resolution
1366x768
Hard Drives
Samsung 840 SSD 500GB
1TB USB3 external HD
Cooling
Coolermaster Notepal U3 notebook cooling pad
Internet Speed
3mbps ASDL
Antivirus
ClamWin 0.98.7
Browser
Opera 12.17 x86 (main), Firefox 38 (sec), IE11 (last resort)
You can try changing the listening port. https://support.microsoft.com/en-us/help/306759/how-to-change-the-listening-port-for-remote-desktop

If you do that when you connect you will need to do so as follows: ip:port. For example 192.168.0.xxx:5555. Please note that I have never tried this but I have seen servers configured like this. Before you choose a port you might want to check out this list of ports that way you will know what not to use. For one thing if you use a common port it's more likely to be scanned by the evil bots on the net and for another thing you don't want to interfere with other processes on your system. You don't want to use 3389 because it is default port for RDP. You also don't want to use 80 or 443 because those are used by your browser and will interfere with your internet. 65535 is the highest port number that you can use. List of TCP and UDP port numbers - Wikipedia
 

My Computers My Computers

  • At a glance

    Windows 7 pro/Windows 10 ProIntel i7 860 Quad core 2.8 ghz8 gbATI Radeon HD 5770 1 gb ram
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    HP Pavillion Elite HPE-250f
    OS
    Windows 7 pro/Windows 10 Pro
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF & Viewsonic
    Screen Resolution
    1920 x1080 & 1680x1050
    Hard Drives
    WD blue 1 tb & 500 gb.
    Browser
    FF of course.
    Other Info
    https://www.bestbuy.com/site/hp-pavilion-elite-desktop-intel-core-i7-processor-8gb-memory-1tb-hard-drive/9921493.p?skuId=9921493
  • At a glance

    Windows 2012 R2 Data center/Linux Minti3 9100 3.6GHz, 8M cache, 4C/4T8GB 2666MT/s DDR4 ECC UDIMM
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Dell Poweredge T140
    OS
    Windows 2012 R2 Data center/Linux Mint
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Monitor(s) Displays
    Viewsonic
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 750 GB
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
Back
Top