Overview: Remote Desktop Protocol (RDP) attacks can be extremely dangerous, whether from an enterprise or a single-user point of view. An RDP service exposed to the Internet is effectively a back door that allows external users to access and use a system remotely. The current trend is for attackers to perform brute force attacks against user passwords over Remote Desktop Protocol (RDP).
Applicable Versions: UTMv2.0 and Above
Configuration Steps / Procedure:
On the Seqrite UTM, there are two methods to avoid RDP brute force attacks:
1. Use a remote access VPN, and
2. White-list the IP addresses used to connect to RDP.
1. VPN
The first method is to use a VPN. This method allows administrators to limit RDP connections to authenticated users connecting through the VPN. For more information on how to configure a VPN for remote users, see How to create remote access SSL VPN; for connections between branch offices, see How to establish a Site-to-Site IP-sec VPN connection using a Pre-shared key in UTM.
Note: A static WAN IP is required at the Seqrite UTM end.
2. White-list IP addresses in Port forwarding rules
This method is suitable for customers who do not want to use a VPN, or who have a smaller environment with only a few users who need to connect via RDP.
Note: A static WAN IP is required at both ends (the Seqrite UTM side as well as the remote network side that will access RDP over the Internet).
Scenario:
Create a port forwarding rule named “RDP” to access the RDP service (TCP Port:- 3389) of the local server.
Solution:
-All configurations are to be done from the Web Admin Console using the “Administrator” profile in Seqrite UTM.
-To create and push down a Firewall Rule, follow the steps given below.
Steps: Navigate to Firewall > Forwarding Rules
-Enter the Mapping Name and the description for the rule.
-To make the rule active and to generate logs for it, enable the corresponding check-boxes.
-Browse or add Source Address(es) using the + (Add) icon.
For the white-listed IP, select only the static WAN IP address that will access RDP over the Internet.
-Select Protocol TCP from the list; the list offers the options ALL, TCP, and UDP.
-Select External IP. External IP is the WAN interface IP address which will be used in forwarding. Public computers access this IP address.
-Select the Mapped IP by using the + (Add) icon. Mapped IP is the destination computer’s IP address to which the forwarding has to be done.
-Create a definition by entering a name and IP address and selecting the type as described above, then click on the Save button.
Note: The Remote Desktop Connection default port is 3389.
For security purposes, change the external port value (create a custom port for the RDP service).
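To make the effect of these settings concrete, the following Python model of the forwarding rule described above is an added example; it is not code from this article or from the Seqrite UTM product, and every name, address and port in it is constructed for illustration. It evaluates a rule with a source white-list, a TCP-only protocol setting, a custom external port and a mapped internal RDP host, and shows which connection attempts are forwarded and which are dropped before they ever reach the RDP server.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# All names, addresses and ports here are constructed for illustration;
# they are not Seqrite UTM API objects or values from the article.
PROTO_ALL, PROTO_TCP, PROTO_UDP = "ALL", "TCP", "UDP"


@dataclass
class ForwardingRule:
    """Simplified model of a port-forwarding rule with a source white-list."""
    name: str
    enabled: bool
    protocol: str                 # one of ALL, TCP, UDP (the options on the UTM form)
    external_ip: str              # WAN interface IP that public hosts connect to
    external_port: int            # port exposed on the WAN side (custom, not 3389)
    mapped_ip: str                # internal host that actually runs RDP
    mapped_port: int              # 3389, the default RDP port
    source_whitelist: List[str] = field(default_factory=list)  # IPs or CIDRs allowed in

    def __post_init__(self) -> None:
        # Accept single IPs ("203.0.113.10") or ranges ("203.0.113.0/24").
        self._allowed = [ipaddress.ip_network(s, strict=False)
                         for s in self.source_whitelist]

    def match(self, src_ip: str, proto: str, dst_ip: str, dst_port: int
              ) -> Optional[Tuple[str, int]]:
        """Return (mapped_ip, mapped_port) if the packet would be forwarded, else None."""
        if not self.enabled:
            return None
        if self.protocol != PROTO_ALL and proto != self.protocol:
            return None
        if dst_ip != self.external_ip or dst_port != self.external_port:
            return None
        if not any(ipaddress.ip_address(src_ip) in net for net in self._allowed):
            return None          # not white-listed: dropped before reaching the RDP host
        return (self.mapped_ip, self.mapped_port)


# Constructed rule: only one branch-office static WAN IP may reach RDP,
# and the WAN-side port is a custom one rather than the default 3389.
RDP_RULE = ForwardingRule(
    name="RDP",
    enabled=True,
    protocol=PROTO_TCP,
    external_ip="198.51.100.5",
    external_port=33890,
    mapped_ip="192.168.1.20",
    mapped_port=3389,
    source_whitelist=["203.0.113.10"],
)

# Constructed connection attempts: (source IP, protocol, destination IP, destination port).
ATTEMPTS = [
    ("203.0.113.10", "TCP", "198.51.100.5", 33890),   # the white-listed office
    ("192.0.2.77",   "TCP", "198.51.100.5", 33890),   # unknown host, custom port
    ("192.0.2.77",   "TCP", "198.51.100.5", 3389),    # unknown host, default port
    ("203.0.113.10", "UDP", "198.51.100.5", 33890),   # right source, wrong protocol
]


def evaluate(rule: ForwardingRule, attempts) -> dict:
    """Count how many attempts the rule forwards versus drops."""
    result = {"forwarded": 0, "dropped": 0}
    for src, proto, dst, port in attempts:
        result["forwarded" if rule.match(src, proto, dst, port) else "dropped"] += 1
    return result


if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(attempt, "->", RDP_RULE.match(*attempt))
    print(evaluate(RDP_RULE, ATTEMPTS))   # {'forwarded': 1, 'dropped': 3}
```

The point of the model is the order of checks: a connection from a source that is not in the white-list never gets as far as the RDP host, so password guessing from arbitrary Internet addresses is stopped at the UTM rather than at the Windows logon. Changing the external port is a secondary measure; on its own it only reduces noise from scanners, which is why the white-list is the control that matters.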
For more about Port Forwarding rules, see the KB article below.
How to configure port forwarding rules in UTM
Please contact Seqrite Technical Support for more assistance.