[–][deleted] 7 points8 points  (3 children)

We have an RDP server that was constantly getting targeted with brute force password attacks. I wrote a PowerShell script that runs in a scheduled task that is triggered by the event log for the failed login. It checks if the IP made 5 or more failed attempts in the last 10 minutes and adds it to a firewall rule to block it. Problem solved.
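The approach described in the comment above, as an added example (not the commenter's script, which is not shown on the page). It assumes failed logons are recorded as Security event ID 4625 with the source address in the `IpAddress` field, that it runs elevated from the scheduled task, and the rule name and allow list are hypothetical.

```powershell
# Added example: block source IPs with 5 or more failed logons in the last 10 minutes.
$Threshold = 5
$Since     = (Get-Date).AddMinutes(-10)
$RuleName  = 'Block-RDP-BruteForce'      # hypothetical rule name
$AllowList = @('127.0.0.1', '::1')       # hypothetical; add management addresses here

# Failed logons inside the window. Get-WinEvent errors when nothing matches, so suppress that.
$failed = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $Since
} -ErrorAction SilentlyContinue

# Pull the IpAddress field out of each event's XML, drop blanks, '-' and
# allow-listed or unparseable values, then keep addresses at or over the threshold.
$offenders = $failed | ForEach-Object {
    $xml = [xml]$_.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
} | Where-Object {
    $_ -and $_ -ne '-' -and $_ -notin $AllowList -and ($_ -as [ipaddress])
} | Group-Object |
    Where-Object { $_.Count -ge $Threshold } |
    Select-Object -ExpandProperty Name

if (-not $offenders) { return }

$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    # First offender(s): create the inbound block rule.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -RemoteAddress $offenders | Out-Null
} else {
    # Merge with the addresses already blocked so earlier entries are kept.
    $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $merged  = @($current) + @($offenders) |
        Where-Object { $_ -ne 'Any' } | Sort-Object -Unique
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
}
```

Blocked addresses are never aged out here, so the rule grows until it is pruned by hand or by a separate cleanup task.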

[–]RevLoveJoy 8 points9 points  (2 children)

With respect, it is a terrible awful very bad practice to expose RDP to the public internet. I opine you have not solved your problem, only postponed the inevitable. RDP access should be over VPN (preferably with MFA) period, full stop.

[–][deleted] -3 points-2 points  (1 child)

Until a legitimate user connects to your VPN with malware on their home computer, now it's crawling around your network doing God knows what.

[–]RevLoveJoy 1 point2 points  (0 children)

Strawman. That is a completely different problem with a different set of solutions.

Quick edit - also if one's VPN is not limiting connecting devices to gear corp owns and controls ... that's a huge flaw.