Mikrotik
Bohdan Zadorozhniy, 2021-06-14 14:36:26

How to make a secure connection via RDP?

Please tell me how you can protect an RDP connection; a whitelist is not suitable.
How do I put the connection on non-standard ports, but block those who will monitor the standard ports?
The device is a MikroTik. Or tell me which articles to read. Thanks to everyone who answers.

3 answer(s)
Denis Melnikov, 2021-06-14
@Jektion

Put a non-standard port in NAT.
And everything else in the FW: if port 3389 is scanned, add the source to an ACL, and after that you drop that same ACL.
The second option is a VPN.
The third option is an RDP gateway on port 443 or a custom port.
This is your custom port:

 # dst-nat the non-standard external port 33389 to 3389 on the RDP host (dst-port, not port, so only the destination is matched)
 /ip firewall nat> add chain=dstnat protocol=tcp in-interface=ether1 dst-port=33389 action=dst-nat to-addresses=192.168.192.168 to-ports=3389

Here the source is added to the ACL and blocked:
 # Block everyone who is on the list
 /ip firewall filter> add chain=input src-address-list=block action=drop

 # Add to the list whoever opens a new connection to 3389 (the source, not the destination: add-src, and dst-port requires protocol=tcp)
 /ip firewall filter> add chain=input protocol=tcp dst-port=3389 connection-state=new in-interface=ether1 action=add-src-to-address-list address-list=block

Sasha Odarchuk, 2021-06-14
@Fanta

Your case can be solved in different ways (besides what has already been advised):
option 1: Remote Desktop Gateway
option 2: MFA

d-stream, 2021-06-14
@d-stream

I would arrange it in order of "decency" like this:
1. RDS Gateway and/or VPN to taste (AnyConnect, IPsec + L2TP, etc.)
2. VPN to taste (AnyConnect, IPsec + L2TP, etc.)
Hiding the port on a non-standard one, well, that's against script kiddies, perhaps, although nowadays script kiddies don't scan by hand: bots from different addresses scan all port ranges, first the well-known ports, at most up to the ports in use (telnet, ftp, ssh, sql, mysql, sip, etc.).
As a result, the bot pokes a port from the list, and without having time to get a response it is dropped and lands on the list, and there is no more response even from the "correct" ports.
On MikroTik, this is really two lines:
an input rule: drop if the src address is in the blacklist;
an input rule with the action "add src to list": put it in the blacklist.
I have about 2-4 thousand addresses hanging on this sweet stick, with a cleaning period of 10 days.
PS: forget about specifying the port and rest)
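The rule set that Denis Melnikov's answer (dst-nat to a non-standard port plus an ACL) and d-stream's answer ("two lines" with a 10-day cleaning period) describe, written out as one complete RouterOS configuration with the rule order that makes it work. This is an added example, not code posted in the thread; the WAN interface ether1, the RDP host 192.168.192.168, the external port 33389, the list name scanners and the set of decoy ports are assumptions to adjust to your own network.

```routeros
# Added example (not from the thread). Assumptions: WAN is ether1,
# the RDP host is 192.168.192.168, RDP is published on external port 33389,
# the blacklist is called "scanners", entries expire after 10 days.

# 1. Publish RDP on a non-standard external port; inside it stays 3389.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=33389 \
    action=dst-nat to-addresses=192.168.192.168 to-ports=3389 \
    comment="RDP on non-standard external port"

/ip firewall filter
# 2. Drop blacklisted sources first, in both chains, so a listed address gets
#    no response from any port (including the "correct" 33389).
add chain=input   in-interface=ether1 src-address-list=scanners action=drop \
    comment="drop blacklisted scanners (router)"
add chain=forward in-interface=ether1 src-address-list=scanners action=drop \
    comment="drop blacklisted scanners (forwarded)"

# 3. Keep existing sessions working.
add chain=input   connection-state=established,related action=accept
add chain=forward connection-state=established,related action=accept

# 4. Decoy ports: a new TCP connection from the WAN straight to 3389 or to the
#    ports bots probe first (telnet, ftp, ssh, mssql, mysql, sip) marks the
#    source as a scanner for 10 days. add-src-to-address-list is passthrough,
#    so an explicit drop follows it.
add chain=input in-interface=ether1 protocol=tcp connection-state=new \
    dst-port=21,22,23,1433,3306,3389,5060 \
    action=add-src-to-address-list address-list=scanners address-list-timeout=10d \
    comment="blacklist anyone probing decoy ports"
add chain=input in-interface=ether1 protocol=tcp connection-state=new \
    dst-port=21,22,23,1433,3306,3389,5060 action=drop

# 5. Allow the dst-nat'ed RDP connection to reach the host. After dst-nat the
#    packet traverses the forward chain with dst-port 3389, not input, so the
#    decoy rule above does not interfere with the real service.
add chain=forward in-interface=ether1 protocol=tcp connection-state=new \
    connection-nat-state=dstnat dst-address=192.168.192.168 dst-port=3389 \
    action=accept comment="published RDP"

# 6. Everything else new from the WAN is dropped.
add chain=input   in-interface=ether1 connection-state=new action=drop
add chain=forward in-interface=ether1 connection-state=new action=drop
```

Check what the list is catching with `/ip firewall address-list print where list=scanners`; the 10-day timeout is what keeps the list at a few thousand entries instead of growing forever. The caveat d-stream hints at still applies: a bot that happens to probe 33389 before any decoy port is not on the list yet and reaches the RDP service, so this only filters the noisy scanners. Put the VPN, RD Gateway or MFA from the other answers in front of RDP for the actual access control.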
