How a computer is used, of course, always depends on what the user wants to do and from where they need to be able to access it. For smaller and, of course, larger companies, the employee is often not provided with a computer, but a laptop with access to a remote desktop. This has the advantage that you can log in directly to your workplace from any computer or laptop and work in the same way as if the user is sitting directly in the office.
In addition to the convenient aspect, however, the administrator must also keep an eye on the security of remote desktop access at the latest. Because if the server is accessible to the outside world, i.e. on the Internet, you get a way to the server not only as a user, but also hackers, worms or other malware as well as bots.
If we take a Windows server as an example, we also have access to the supplied Windows Firewall. This firewall allows us to create certain rules, control users and access, and also block or share IP addresses.
All of these settings can secure the Windows server as much as possible. The prerequisite, of course, is that you are familiar with The Windows Firewall and that you also know how security mechanisms work in the server.
However, the biggest task is to always keep an eye on all log files and block these attackers in the event of attacks. Of course, no human being can do this, but you need a special software that analyzes and evaluates all log files and then locks them out of the system according to the predetermined rule.
In this case, I'm talking about RDPGuard, a software that offers exactly where the above function is.
How does it all work? That's pretty easy to explain. Anyone who knows the Fail2Ban software on Linux will immediately see the similarity. The software runs as a service in the background, analyzes the log files, and if several failed login attempts are detected, this IP address is automatically blocked.
In addition, you have the possibility to get IP addresses blocked by other users in order to be able to block already known attackers in advance. In addition, there is a large list of IP addresses, which is categorized by country point Point With which you have the possibility to simply block certain countries even in advance.
The following protocols can be blocked and monitored:
RD Web Access
In the settings you have the possibility to specify how much unsuccessful logins the attacker should be blocked and how long it should be blocked.
basically, once you have installed and configured the software, you have no further work to do with it. You can occasionally take a look at the blocked list and check that the service is running correctly. There is also a whitelist that allows you to activate IP addresses in general, so that they are never blocked.
This is very important because if the user accidentally uses his old password and is blocked, he or she will no longer be able to access the remote server from this access. In this case, you can use e.b. a proxy or a VPN, with fixed IP address, which is stored in the whitelist point so then the user or in the optimal case only the administrator, can always access the remote server and release the blocked user again.
RdpGuard is, in my opinion, a must have, because it is installed and configured very quickly and then, when it is running, does no further work. Even the less savvy users have the possibility to protect their system from unauthorized access.
The price for this software is 79.95 USD and is unlimited and can be used for an unlimited length, includes one year software updates and also one year the cloud function with the huge IP database, sorted by country.