New on LowEndTalk? Please Register and read our Community Rules.
Help securing Windows server
NewToTheGame
Member
I run a Windows Server 2019 as a desktop terminal. Things have been great and I have learned quite a bit reading these forums.
However, it is clear something is attacking RDP hard, so I can't log in that way. I am running Cyberarms IDDS with 30 minute soft locks and 24 hour hard locks.
I was thinking of setting up an OpenVPN Access Server next to secure RDP.
I would also be interested to have a GUI I can use to monitor where the attacks are coming from and what protocol so that I could proactively block them forever.
I am interested to hear any advice, and if you can point me to any tutorial to help me achieve this, it is appreciated.
Comments
So the attack is more of a flood. Many of the login attempts do not get blocked by Cyberarms. I am going to assume they are using blank credentials, but those do not appear in the standard terminal services event log. Not sure where you find the attacker's IP.
RDP Defender by Softpedia is a small software package that secures RDP. It is free.
In later server OSes, I think you need to make a change to a default setting to expose the IP in the Windows logs that Cyberarms parses. A screenshot of RDP Defender references the change.
But change the RDP port and use your home IP as the only allowed source IP and you're good. Just make sure you have a console available or another way in like Remote Utilities.
Thanks for the suggestions. Windows login audit is on, but blank credentials don't show in the event log. Firewall logging is on as well. I will keep looking.
Everything but the port number has been changed. Cyberarms IDDS is already running.
Cyberarms technically isn't a firewall itself, it uses Windows logs to add rules to the built-in Windows firewall rules.
Could anyone recommend a free net monitor for Windows? I need to see IP, protocol, port and data RX/TX, so that I can analyze what is going on.
You mean Wireshark?
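Added example, not part of any post in this thread: a read-only PowerShell summary of failed logons (Security event 4625) grouped by source IP, followed by a look at the current scope of the built-in Remote Desktop firewall rules that the "home IP only" advice would tighten. The 24-hour window, the English rule group name `Remote Desktop` and the address `203.0.113.10` are assumptions; attempts that Windows never logs, as described above, will not be counted.

```powershell
# Added example. Run in an elevated PowerShell session on the server.
$since = (Get-Date).AddHours(-24)          # assumed look-back window

# Failed logons are recorded as event 4625 when logon failure auditing is on.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Collect the named EventData fields from the event's XML form.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        SourceIp  = $data['IpAddress']
        User      = $data['TargetUserName']
        LogonType = $data['LogonType']     # 3 = network, 10 = remote interactive
    }
}

# Top sources. Events with an empty or '-' address get their own bucket,
# so it is visible how many failures were logged without an IP.
$rows |
    Group-Object { if ($_.SourceIp -and $_.SourceIp -ne '-') { $_.SourceIp }
                   else { '(no address logged)' } } |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name

# Current remote-address scope of the built-in RDP rules (read-only).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }

# To limit RDP to one source, as suggested in the thread. Left commented out:
# confirm console access first, and replace the placeholder address.
# Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
#     Set-NetFirewallRule -RemoteAddress '203.0.113.10'
```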