

Windows 7: Ways of making RDP more secure on a Windows 7 desktop

25 Jul 2018   #1
Windoog

Windows 7 Professional x86 SP1
 
 
Ways of making RDP more secure on a Windows 7 desktop

Hi, and yes, I have searched and followed several guides for making RDP more secure.

BUT... yes, there is always a but... I have been blocking several attempts from Chinese IPs (strangely quite a few from there) to brute force my station. I have an old Netgear SOHO router that logs every entry of the firewall rule for RDP.

I even routed the default port to another, but even setting the router to stealth mode doesn't prevent the attackers from doing a port scan (something that's weird, even though I have set it so it doesn't respond to ping, but they still keep finding ways).

I have even disabled both admin and guest accounts, and created an admin account with a non-standard name (quite non-standard), but it is still bothersome seeing the logs of failed attempts from time to time on both the router and Event Viewer on the machine.

I have thought about 2FA but I don't know how that would work with the default RDP client that comes with Windows, or even if there is any solution that could be open source?

Any ideas?


25 Jul 2018   #2
samuria

win 8 32 bit
 
 

On the router, port forward the ports to a fixed IP that is not used; that way it goes nowhere.
27 Jul 2018   #3
townsbg

Windows 7 pro 64-bit sp 1
 
 

Contact your ISP and see if they will disable the attack from the internet side, or completely disable RDP and use something else like LogMeIn.

27 Jul 2018   #4
Alejandro85

Windows 7 Ultimate x64
 
 

The first question that came to mind is, do you really need RDP access over the internet to your computer? If not, the answer is simple: block the port on the router and firewall and move on, you won't be attacked again.

But if you're here I guess you actually need it.
What you describe is not RDP being insecure or a misconfiguration or a bug. What you're seeing is an inevitable consequence of being exposed to the internet; you must expect being probed and brute forced. The internet is a hostile place, with attackers all over the place, and that kind of attack is a rudimentary one.
Most likely, these come from automated bots that try common password combinations on open ports, and then move on to the next target, hoping that someone left a default password there. This is normal and there is nothing to worry about, as long as you've taken the basic security measures.


Quote: Originally Posted by Windoog
I even routed the default port to another, but even setting the router to stealth mode doesn't prevent the attackers from doing a port scan (something that's weird, even I have set it so it doesn't respond to ping but they still keep finding ways)

Disabling ping has nothing to do with port scans, they're separate protocols. A successful ping doesn't mean that there is a service alive, and a failed one doesn't mean that there isn't anything alive there. A port scan is trivial to do and you can't prevent it from happening.
I don't know what you mean by "set the router to stealth". If you want to connect from outside, you need an open port, and it can be found by anyone who really wants to.


Quote: Originally Posted by Windoog
I have even disable both admin and guest accounts, and created an admin account with a non standard name (quite non standard), but still is bothersome seeing the logs on failed attemps from time to time on both router and event viewer on the machine.

This has no effect on anyone wanting to attack you, they'll still try the default user/password and the most common ones before moving on, as they don't know your change. Moreover, renaming user accounts is at best security by obscurity (usernames are always meant to be public). Instead, create good passwords for every exposed account so guessing becomes infeasible, created and stored by a password manager.
Also, try denying RDP access to any admin account; in the event of a breach they're way more problematic. Use a standard one and use UAC to elevate within the session when needed.


Quote: Originally Posted by Windoog
I have though on 2FA but I don't know how would that work with the default RDP client that comes with Windows, or even if there is any solution that could be opensource?

I'm not aware of any option, as RDP and its Windows implementation are proprietary. But if you feel safer, a VPN or SSH tunnel could provide an extra layer of isolation, and some offer more authentication options. Of course, you'll end up exposing those instead of RDP, and the brute force on them will likely be there.


Quote: Originally Posted by townsbg
Contact your ISP and see if they will disable the attack from the internet side or completely disable rdp and use something else like logmein.

ISPs don't control the internet and can't stop it from happening. At most they could firewall it out, but so can the OP on his router or computer.
Using "something else" brings the very same thing, just over another server. Random bots over the internet will still probe the whole net and find and try to breach that too. Such a change won't stop that. Instead, focus on having a strong password.
29 Jul 2018   #5
townsbg

Windows 7 pro 64-bit sp 1
 
 

You can try changing the listening port. https://support.microsoft.com/en-us/...remote-desktop

If you do that, when you connect you will need to do so as follows: ip:port. For example 192.168.0.xxx:5555. Please note that I have never tried this but I have seen servers configured like this. Before you choose a port you might want to check out this list of ports; that way you will know what not to use. For one thing, if you use a common port it's more likely to be scanned by the evil bots on the net, and for another thing you don't want to interfere with other processes on your system. You don't want to use 3389 because it is the default port for RDP. You also don't want to use 80 or 443 because those are used by your browser and will interfere with your internet. 65535 is the highest port number that you can use. List of TCP and UDP port numbers - Wikipedia
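
An added example, not part of any post in this thread: a way to turn the failed-logon entries the original poster sees in Event Viewer into a per-source summary, so the automated guessing described in reply #4 is easy to recognise. The events below are constructed, the addresses are documentation ranges, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(time, user, ip, logon_type="3", event_id="4625"):
    """Build one constructed event in the shape of a Security-log XML export."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

SAMPLE = "<Events>" + "".join([  # constructed sample data, not real logs
    _event("2018-07-25T02:10:01Z", "Administrator", "203.0.113.7"),
    _event("2018-07-25T02:10:03Z", "admin", "203.0.113.7"),
    _event("2018-07-25T02:10:05Z", "Guest", "203.0.113.7"),
    _event("2018-07-25T02:10:09Z", "user", "203.0.113.7"),
    _event("2018-07-25T09:30:00Z", "rdpuser", "198.51.100.20", "10"),
    _event("2018-07-25T09:31:00Z", "rdpuser", "-", "2"),  # local console, ignored
    _event("2018-07-25T09:32:00Z", "rdpuser", "198.51.100.20", "10", "4624"),
]) + "</Events>"

def failed_remote_logons(xml_text, logon_types=("3", "10")):
    """Group failed logons (event 4625) by source IP.
    Logon type 3 is network (how RDP failures appear with NLA on), 10 is RemoteInteractive."""
    by_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "first": None, "last": None})
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        if data.get("LogonType") not in logon_types:
            continue
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        rec = by_ip[data.get("IpAddress", "-")]
        rec["attempts"] += 1
        rec["users"].add(data.get("TargetUserName", "").lower())
        rec["first"] = min(filter(None, (rec["first"], when)))
        rec["last"] = max(filter(None, (rec["last"], when)))
    return dict(by_ip)

def noisy_sources(summary, min_attempts=3):
    """Sources with at least min_attempts failures, busiest first."""
    hits = [(ip, r["attempts"], sorted(r["users"])) for ip, r in summary.items()
            if r["attempts"] >= min_attempts]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for ip, n, users in noisy_sources(failed_remote_logons(SAMPLE)):
        print(f"{ip}: {n} failed logons, usernames tried: {', '.join(users)}")
```

On a real machine the input can be produced from an elevated prompt with `wevtutil qe Security /q:"*[System[(EventID=4625)]]" /f:xml /e:Events` and passed to `failed_remote_logons` in place of `SAMPLE`.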