In reply to a post by youngsyp:

I neglected to mention, a stipulation of the access via RDP is a username and password and user specific access, to the target machine, needs to be granted. Yet more details a potential attacker would need to know...

Nice try, no banana.

As well as brute force password guessing with common usernames, vulnerabilities in the RDP protocol regularly surface. All it needs is for an attacker to exploit one of these before Microsnot has issued a patch.

If you're still running Windoze XP, and millions around the world still are, you probably won't get that patch any more.

See http://searchsecurity.techtarget.com/guides/Is-RDP-s...

Even operating systems at recent as 8.1 had vulnerabilities in RDP as recently as a few weeks ago; http://www.tripwire.com/state-of-security/vulnerabil...

In reply to a post by caffn8me:

It all happens very, very quickly and entirely without human intervention.

As if to prove the point, my firewall monitor shows that a few minutes ago there was an attempt to flood one of my mail servers with spam. Two separate computers - one in Thailand (203.156.91.231) and the other in Vietnam (123.18.254.37) were, between them, attempting to send spam one hundred and sixty times per second. The firewall's SMTP proxy blocked it all before it got to my mail server because of errors in the spammer's use of SMTP protocol. Had it not been stopped by the firewall, the mail server would have throttled it.

I would strongly suggest that at the very least, the port RDP runs on should be changed - as Ignitionnet says. Better still, if you know where you are going to be connecting from externally, see if you can configure firewall rules to allow access only from those locations.

Good for you, it sounds like you have everything in hand.

Paul

In reply to a post by caffn8me:

In reply to a post by caffn8me:

It all happens very, very quickly and entirely without human intervention.

As if to prove the point, my firewall monitor shows that a few minutes ago there was an attempt to flood one of my mail servers with spam. Two separate computers - one in Thailand (203.156.91.231) and the other in Vietnam (123.18.254.37) were, between them, attempting to send spam one hundred and sixty times per second. The firewall's SMTP proxy blocked it all before it got to my mail server because of errors in the spammer's use of SMTP protocol. Had it not been stopped by the firewall, the mail server would have throttled it.

My server runs IP space blocks, which helps the spam reject CPU load.

I would strongly suggest that at the very least, the port RDP runs on should be changed - as Ignitionnet says. Better still, if you know where you are going to be connecting from externally, see if you can configure firewall rules to allow access only from those locations.

Many modern Windows versions make it hard to change the RDP port actually on the box. I always advise friends to invest in a VPN router, and ensure they keep the router patched, and use VPN from their mobile device and then connect to their home PC or NAS server or whatever it is.

In reply to a post by jchamier:

My server runs IP space blocks, which helps the spam reject CPU load.

Good plan I have some IP ranges blocked too.

In reply to a post by jchamier:

Many modern Windows versions make it hard to change the RDP port actually on the box. I always advise friends to invest in a VPN router, and ensure they keep the router patched, and use VPN from their mobile device and then connect to their home PC or NAS server or whatever it is.

Always a good idea.