3

Since people are getting unauthorized access to my Windows Server (brute-forced over several months), I'd like to set up a whitelist for RDP access.

I have tried the following with Windows Firewall inbound rules:

http://i.imgur.com/mpb8D.png

This still allows other users to connect through RDP. Is there any way to block such unauthorized access through a whitelist?

EDIT: The firewall is enabled, and it's the only firewall running on the machine. Rules like allowing port 80 traffic behave correctly.

Tgys

2 Answers

4

Check to make sure that the rule is enabled:


Furthermore, restrict login attempts to five or less before an account is locked out for an hour or more. You can also change your RDP port to lessen the risk from scripted attacks (security through obscurity has gotten a poor reputation that is undue).

Also, choose passwords that are better. A network-borne attack should take theoretical centuries to brute force even a relatively basic password. Consider the use of pass-phrases. twasbrilligandtheslithytoves, halfaleagueonward, or other memorable literary references are all around better than kF4^1*wi.

Wesley
  • The rule is enabled. Besides that, I'm fairly sure this was a targeted attack. I also had a service running which blocked 10 failed login attempts for 24 hours, but the attack came from over 2500 IPs in the end. Of course I have set the password to something more secure now. Thanks for the advice. - I am still really looking for a whitelist to eliminate anything related to unauthorized access, or even attempts to. – Tgys Dec 15 '12 at 22:16
  • @Tgys Silly questions: Is the firewall enabled? Is the service on? Do any other firewall rules appear to work? Are there any other software firewalls installed on the server? – Wesley Dec 15 '12 at 22:26
  • Respectively: Yes. - What service? RDP? Yes. - Yes, since port 80 got "opened" through the firewall. - No. – Tgys Dec 16 '12 at 10:40
2

It seems like I had another RDP-related (in fact, it was seemingly the same) rule in the firewall which simply allowed all IPs. After I disabled that rule everything worked as intended.

Tgys
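Windows Firewall allow rules are additive, so one enabled inbound allow rule with an unrestricted remote address defeats a scoped RDP rule, which is the situation the accepted answer describes. The audit below is an added example, not code from either poster; it lists every enabled inbound allow rule that reaches the RDP port and flags the ones open to any source. It assumes the NetSecurity cmdlets (Windows Server 2012 / Windows 8 or later), an elevated session, and RDP on the default TCP port 3389.

```powershell
# Added example: find enabled inbound Allow rules that cover the RDP port.
# Assumption: RDP listens on the default port; change $RdpPort if it was moved.
$RdpPort = 3389

function Test-PortMatch {
    # True when a rule's LocalPort filter ('Any', '3389', '3000-4000', ...) covers $Port.
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# ActiveStore is the effective rule set, including rules delivered by Group Policy.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow

$findings = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin 'TCP', '6', 'Any') { continue }
    if (-not (Test-PortMatch -LocalPort $port.LocalPort -Port $RdpPort)) { continue }

    $remote  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $program = ($rule | Get-NetFirewallApplicationFilter).Program

    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        Program       = $program          # 'Any' means the rule is not tied to one binary
        RemoteAddress = $remote -join ', '
        # A scoped whitelist rule lists addresses; 'Any' accepts every source.
        Verdict       = if ($remote -contains 'Any') { 'ANY SOURCE' } else { 'scoped' }
    }
}

# Rules marked ANY SOURCE sort first; each one overrides the whitelist for its profile.
$findings | Sort-Object Verdict | Format-Table -AutoSize -Wrap
```

Rules that appear only because both their port and program filters are `Any` deserve the same scrutiny; a rule bound to an unrelated program cannot serve RDP and can be ignored.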