Well, it seems after these last ransomware attacks (I have been a part of the reconstruction crew for them) I have learned about other methods of connecting to remote systems. But RDP is a pretty lightweight protocol for remote connection – it works and it works well except for its vulnerability last quarter. So … if we limit HOW we get to the point that RDP is available (VPN w. certs, username, SSL, limiting firewall scope) then we can still use RDP.
But how do we secure RDP down even further? Ideally I would like it where if the certificates match – boom, you're in, only from certain machines. SSH works like this on Unix. Here are some links to peruse that might answer this question. I will augment this article once I have cracked what I wish to accomplish (this sentence will be removed). Oh – and please do not email certificates or passwords. HUGE pet peeve of mine when websites or people do this.
- (at least do this!!!) Restrict RDP Access by IP Address
  - do it remembering that dynamic IPs change – so how do you get out of trouble if your ISP changes your IP address and you get locked out?
- How to secure remote desktop connections using TLS/SSL based authentication
- Configure a certificate for Microsoft RDP (Remote Desktops Protocol)
- Securing Remote Desktop (RDP) for System Administrators
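
For the first item in the list (restricting RDP by IP address, with the dynamic-IP caveat), here is an added example that is not taken from any of the linked articles: it scopes the built-in Windows Firewall RDP rules to a short allow-list, saves the previous scope for rollback, and reports whether NLA and TLS are enforced. The addresses, the backup path and the English rule group name "Remote Desktop" are assumptions; allowing the VPN subnet is one way to avoid being locked out when an ISP-assigned address changes.

```powershell
#Requires -RunAsAdministrator
# Added example. Addresses below are placeholders, replace them with your own.
$AllowedSources = @(
    '10.8.0.0/24',   # assumed VPN client subnet: stays valid when the ISP address changes
    '203.0.113.10'   # assumed static admin address (documentation range)
)
$BackupPath = Join-Path $env:ProgramData 'rdp-scope-backup.xml'   # hypothetical path

# Built-in inbound RDP rules (TCP/UDP 3389). The group display name is
# "Remote Desktop" on English-language Windows.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction Stop |
    Where-Object { $_.Direction -eq 'Inbound' }

# Save the current scope of each rule so the change can be reverted from the console.
$rules | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
} | Export-Clixml -Path $BackupPath

# Limit every RDP rule to the allow-list; all other sources no longer match
# the allow rule and are dropped by the default inbound block.
$rules | Set-NetFirewallRule -RemoteAddress $AllowedSources

# Show the resulting scope per rule.
$rules | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-Table -AutoSize

# Report the RDP listener's authentication settings:
#   UserAuthentication = 1 -> Network Level Authentication required
#   SecurityLayer      = 2 -> TLS required for the session
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$cfg = Get-ItemProperty -Path $rdpTcp -Name UserAuthentication, SecurityLayer
[pscustomobject]@{
    NlaRequired = ($cfg.UserAuthentication -eq 1)
    TlsRequired = ($cfg.SecurityLayer -eq 2)
}

# Rollback, run from a console session if you lock yourself out:
# Import-Clixml $BackupPath | ForEach-Object {
#     Set-NetFirewallRule -Name $_.Name -RemoteAddress $_.RemoteAddress
# }
```

Run it from the local console or an out-of-band session the first time, since narrowing the scope takes effect immediately for the connection you are using.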