Overview


Remote Desktop Protocol (RDP) attacks can be extremely dangerous, whether from an enterprise or a single user point of view. They are basically back-doors which allow external users to access and use a system over the Internet. Today’s trend where attackers are performing brute force attacks against users passwords over the Remote Desktop Protocol (RDP).


What to do


On the Seqrite UTM, there are two methods to avoid RDP brute force attacks:


1. Use a remote access VPN 

2. White-list IP Addresses used to connect to RDP.


VPN

This method allows administrators to limit RDP connections only to authenticated users connecting with a VPN, Please check Link http://esupport.seqrite.com/support/solutions/articles/23000014743-how-to-create-remote-access-ssl-vpn-for-windows-system- to configure SSL remote VPN


Note: Static WAN IP required at Seqrite UTM end 


White-list IP addresses in Port forwarding rules


This method is valid if customers do not want to use a VPN or who have a smaller environment with only a few users who need to connect via RDP.


Note: Static WAN IP required at both end (Seqrite UTM side as well as remote network side - who will be access RDP over the Internet)


Scenario:

Create a port forwarding rule named “RDP” to access RDP service (TCP Port:- 3389) of the local server.

 




Configuration:


Navigate to Firewall > Forwarding Rules  


  • Enter the Mapping Name and the description for the rule.
  • To make these rule active and generate the logs enable by clicking on the checkbox.
  • Browse or add Source Address(es) using the + (Add) icon.



  • Select Protocol TCP from the list has options as ALL, TCP and UDP.
  • Select External IP. External IP is the WAN interface IP address which will be used in forwarding. Public computers access this IP address.
  • Select the Mapped IP by using + (Add) icon. Mapped IP is the destination computer’s IP address to which the forwarding has to be done.
  • Mapped IP will appear and then apply the setting. 




For security purposes, you can use a custom external port.


Please contact Seqrite Technical Support for more assistance.