
    The Myth of RDP Insecurity

    • NashBrydges

      Any concerns about the fact that there will be no further maintenance of wail2ban?

      Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

      • DustinB3403 @NashBrydges

        @NashBrydges Yeah seems like a dead project to me as well. All of the forks are also at least 10 months out of date as well.

        • dafyre

          Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

          • JaredBusch @NashBrydges

            @NashBrydges said in The Myth of RDP Insecurity:

            Any concerns about the fact that there will be no further maintenance of wail2ban?

            Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

            It is a PowerShell script that looks at Windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the Windows firewall) from RDP getting changed by Microsoft.

            But no, you are not misunderstanding.

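A sketch of the approach described in the post above, as an added example that is not wail2ban's code and was not posted in this thread. It assumes failed logons are recorded as Security event 4625 with an `IpAddress` data field; the function names, threshold and sample addresses are made up for illustration.

```powershell
# Added example, not wail2ban's code. Function names and defaults are assumptions.
function Get-FailedLogonSource {
    # Reads failed-logon events (Security log, ID 4625) from the last $Minutes minutes.
    # Needs an elevated session. The event ID and the 'IpAddress' field name are the
    # coupling to the event log format that the post calls out as the maintenance risk.
    param([int]$Minutes = 10)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $ip  = ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
        [pscustomobject]@{ TimeCreated = $_.TimeCreated; IpAddress = $ip }
    }
}

function Select-BanCandidate {
    # Counts failures per source address and returns those at or over the threshold.
    # Empty or '-' addresses (no source recorded) and allow-listed addresses are skipped.
    param(
        [object[]]$Failure = @(),
        [int]$Threshold = 5,
        [string[]]$AllowList = @('127.0.0.1', '::1')
    )
    $Failure |
        Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' -and $_.IpAddress -notin $AllowList } |
        Group-Object -Property IpAddress |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object { [pscustomobject]@{ IpAddress = $_.Name; Failures = $_.Count } }
}

function Block-RdpSource {
    # Adds an inbound Windows Firewall block rule for TCP 3389 from one address.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$IpAddress)
    if ($PSCmdlet.ShouldProcess($IpAddress, 'Block inbound RDP')) {
        $rule = @{ DisplayName = "rdp-ban $IpAddress"; Direction = 'Inbound'; Action = 'Block'
                   Protocol = 'TCP'; LocalPort = 3389; RemoteAddress = $IpAddress }
        New-NetFirewallRule @rule | Out-Null
    }
}

# Constructed sample records (documentation address ranges) to try the logic offline.
$sample = @(
    1..6 | ForEach-Object { [pscustomobject]@{ IpAddress = '203.0.113.7' } }
    1..2 | ForEach-Object { [pscustomobject]@{ IpAddress = '198.51.100.9' } }
    [pscustomobject]@{ IpAddress = '-' }
)
# -WhatIf only reports what would be blocked; here that is 203.0.113.7 alone.
Select-BanCandidate -Failure $sample | ForEach-Object { Block-RdpSource $_.IpAddress -WhatIf }
# On a live host, feed it real events: Select-BanCandidate -Failure @(Get-FailedLogonSource)
```

Rules created this way never expire, so a real deployment also needs an unban step and an allow-list that covers the administrator's own addresses.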
            • JaredBusch @dafyre

              @dafyre RDPGuard is a paid solution and a good one. I used it a long time ago and it worked great.

              • scottalanmiller @JaredBusch

                @JaredBusch said in The Myth of RDP Insecurity:

                @dafyre RDPGuard is a paid solution and a good one. I used it a long time ago and it worked great.

                We use it, too.

                • scottalanmiller @JaredBusch

                  @JaredBusch said in The Myth of RDP Insecurity:

                  @NashBrydges said in The Myth of RDP Insecurity:

                  Any concerns about the fact that there will be no further maintenance of wail2ban?

                  Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                  It is a PowerShell script that looks at Windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the Windows firewall) from RDP getting changed by Microsoft.

                  But no, you are not misunderstanding.

                  Definitely needs someone to pick it up and care for it. It is a great idea.

                  • JaredBusch @scottalanmiller

                    @scottalanmiller said in The Myth of RDP Insecurity:

                    @JaredBusch said in The Myth of RDP Insecurity:

                    @NashBrydges said in The Myth of RDP Insecurity:

                    Any concerns about the fact that there will be no further maintenance of wail2ban?

                    Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                    It is a PowerShell script that looks at Windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the Windows firewall) from RDP getting changed by Microsoft.

                    But no, you are not misunderstanding.

                    Definitely needs someone to pick it up and care for it. It is a great idea.

                    There are a bunch of forks, but I wasn't going to go through them looking for updates.

                    • wrx7m @JaredBusch

                      @JaredBusch said in The Myth of RDP Insecurity:

                      @dafyre RDPGuard is a paid solution and a good one. I used it a long time ago and it worked great.

                      I have been using it for almost a year. The only time it has blocked someone is the same dummy that always typos his password. Probably blocked him 5 times.

                      • wrx7m @dafyre

                        @dafyre said in The Myth of RDP Insecurity:

                        Seems like RDPGuard is probably the best bet for that. If you want to prevent exposing port 3389 to the internet, then set up an RD Gateway (It can be run on any of the servers in your RDS setup). You can restrict what servers users have access to, so that johnny whose password is Wants2play! can only access his desktop, or a single server that he should have access to.

                        I use an RDGateway and RDPGuard

                        • wrx7m @JaredBusch

                          @JaredBusch said in The Myth of RDP Insecurity:

                          This was mentioned in another thread once, but I feel it needs to be here also.

                          https://github.com/glasnt/wail2ban

                          I am going to see if this will work for my PRTG server.

                          • scottalanmiller @wrx7m

                            @wrx7m said in The Myth of RDP Insecurity:

                            @JaredBusch said in The Myth of RDP Insecurity:

                            This was mentioned in another thread once, but I feel it needs to be here also.

                            https://github.com/glasnt/wail2ban

                            I am going to see if this will work for my PRTG server.

                            Nice, PRTG reached out to us about sponsoring the community, too. But they weren't familiar with online advertising processes and aren't sure that they can do it. But it was nice that they thought of us (they thought that it worked by us joining some ad network, um, that's not how this works, LMAO.)

                            • JaredBusch @scottalanmiller

                              @scottalanmiller said in The Myth of RDP Insecurity:

                              @JaredBusch said in The Myth of RDP Insecurity:

                              @NashBrydges said in The Myth of RDP Insecurity:

                              Any concerns about the fact that there will be no further maintenance of wail2ban?

                              Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                              It is a PowerShell script that looks at Windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the Windows firewall) from RDP getting changed by Microsoft.

                              But no, you are not misunderstanding.

                              Definitely needs someone to pick it up and care for it. It is a great idea.

                              Just saw this today..
                              https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/

                              Haven't read the code for how they parse the event log for fails, but no doubt this would help.

                              • scottalanmiller @JaredBusch

                                @JaredBusch said in The Myth of RDP Insecurity:

                                @scottalanmiller said in The Myth of RDP Insecurity:

                                @JaredBusch said in The Myth of RDP Insecurity:

                                @NashBrydges said in The Myth of RDP Insecurity:

                                Any concerns about the fact that there will be no further maintenance of wail2ban?

                                Hasn't seen any updates in over a year and doesn't look like there will be any to come. Am I misunderstanding what this means?

                                It is a PowerShell script that looks at Windows event logs. So the biggest concerns are Event logs changing or the method of banning an IP (uses the Windows firewall) from RDP getting changed by Microsoft.

                                But no, you are not misunderstanding.

                                Definitely needs someone to pick it up and care for it. It is a great idea.

                                Just saw this today..
                                https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/

                                Haven't read the code for how they parse the event log for fails, but no doubt this would help.

                                Excellent

                                • wrx7m @scottalanmiller

                                  @scottalanmiller said in The Myth of RDP Insecurity:

                                  @wrx7m said in The Myth of RDP Insecurity:

                                  @JaredBusch said in The Myth of RDP Insecurity:

                                  This was mentioned in another thread once, but I feel it needs to be here also.

                                  https://github.com/glasnt/wail2ban

                                  I am going to see if this will work for my PRTG server.

                                  Nice, PRTG reached out to us about sponsoring the community, too. But they weren't familiar with online advertising processes and aren't sure that they can do it. But it was nice that they thought of us (they thought that it worked by us joining some ad network, um, that's not how this works, LMAO.)

                                  So that was a deal-breaker for them?

                                  • flaxking

                                    Looks like wail2ban probably isn't multithreaded, though if someone is hammering the server with login attempts it should still do the trick, just might not hit the lockout threshold as fast.

                                    • flaxking

                                      I've been dreaming of creating my own RD gateway authentication plugin - but I doubt I will ever find the time.
