How to secure Remote Desktop Protocol (RDP)

Posted by Customer_Care (F-Secure Employee)

Issue:

  • An RDP brute-force attack was performed and ransomware encrypted the system or files.
  • This technique is commonly used by Crysis, Dharma and GandCrab ransomware.

Resolution:

  • Use strong and long passwords
    • To avoid brute-force attacks on RDP, avoid dictionary words and simple passwords. Always use a long password that combines uppercase letters, lowercase letters, numbers and special characters.
  • Limit the number of logon attempts
    1. Go to Start-->Programs-->Administrative Tools-->Local Security Policy
    2. Open Account Policies-->Account Lockout Policy
    3. Account lockout threshold -> Set between 3 and 5
    4. Account lockout duration -> Ideally set to more than 5 minutes
  • Only allow user accounts that require the RDP service
    1. Go to Start-->Programs-->Administrative Tools-->Local Security Policy
    2. Open Local Policies-->User Rights Assignment-->Allow log on through Remote Desktop Services
    3. Add or remove the user accounts or groups that require the RDP service
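
The lockout and user-rights settings from the steps above can also be checked from the command line. The following PowerShell audit is an added example, not part of the original article; it only reads the local policy, assumes an elevated prompt, and the scratch file name is chosen here for illustration.

```powershell
# Added example: read-only audit of the settings from the steps above.
# Run from an elevated PowerShell prompt; secedit needs administrator rights.
$cfg = Join-Path $env:TEMP 'rdp-policy-audit.inf'   # scratch file, name is arbitrary
secedit /export /cfg $cfg /areas SECURITYPOLICY USER_RIGHTS | Out-Null

# Collect the "Key = Value" lines of the exported template into a hashtable.
$policy = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(.*)$') { $policy[$Matches[1]] = $Matches[2].Trim() }
}
Remove-Item $cfg -Force

# Account lockout threshold: the article asks for 3 to 5; 0 means no lockout at all.
$threshold = [int]$policy['LockoutBadCount']
# Account lockout duration in minutes; -1 means locked until an administrator unlocks.
$duration = if ($policy.ContainsKey('LockoutDuration')) { [int]$policy['LockoutDuration'] } else { 0 }

[pscustomobject]@{
    Setting = 'Account lockout threshold'
    Value   = $threshold
    Meets   = ($threshold -ge 3 -and $threshold -le 5)
}
[pscustomobject]@{
    Setting = 'Account lockout duration (minutes)'
    Value   = $duration
    Meets   = ($threshold -gt 0 -and ($duration -gt 5 -or $duration -eq -1))
}

# Accounts and groups holding "Allow log on through Remote Desktop Services".
# Entries are SIDs prefixed with '*' or plain account names.
$holders = @($policy['SeRemoteInteractiveLogonRight'] -split ',' | Where-Object { $_ }) | ForEach-Object {
    $entry = $_.Trim()
    if ($entry.StartsWith('*')) {
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { "$entry (unresolved SID)" }
    } else { $entry }
}
"RDP logon right is held by: $($holders -join '; ')"
```

Any group in the last line grants RDP logon to all of its members, so review the group memberships as well as the entries themselves.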

Article no: 000005204
