Is Windows Server 2008 R2 completely secure against threats on the local network?
Good afternoon.
A terminal server running Windows Server 2008 R2 is operating on the corporate network.
Access to it is obtained through OpenVPN, that is, it is not exposed to the Internet in any way.
Recently the question was raised of how secure this terminal server is at the level of access from client computers.
The crux of the matter is that, hypothetically, a client computer (say, a personal laptop) that connects to the corporate network via OpenVPN may carry malware that tries to somehow "break" the RDP protocol or other services on this Windows machine. How can the protection of this machine be organized properly (especially considering that it runs an old version of Windows) against threats from a semi-public VPN network (after all, users' personal computers are on it, and anything may be installed on them)? How can the connection from them to the RDP protocol be secured so that only legitimate and necessary traffic is passed through and suspicious traffic is dropped? Are there any real-time traffic analyzers?
Install all available updates from MS, install (and configure) a firewall and antivirus, and don't worry.
Windows Server 2008 R2 is inherently insecure by now if you don't have an extended subscription for receiving updates.
The correct option is to upgrade the OS.
The only kludge that can be advised is to stand up an RD Gateway on Windows Server 2016/2019 and open access to the terminal server only through the Gateway, blocking everything else with a firewall.
All other options will cost more than an OS upgrade license.
It's safe enough locally.
All you need to do is disable unused and obsolete services such as old versions of SMB, and set up the firewall.
In the firewall, block everything that you do not use.
And restrict access via RDP to a pool of local addresses.
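The steps in the two answers above (disable legacy SMB, deny-by-default firewall, RDP reachable only from a known address pool, or only from an RD Gateway) as one script. This is an added example, not code from the original thread or any of the answerers; it targets the PowerShell 2.0 that ships with 2008 R2, which is why SMBv1 is turned off through the registry and sc.exe rather than Set-SmbServerConfiguration. The VPN pool 10.8.0.0/24 and the default RDP port are assumptions; with an RD Gateway in front, put the gateway's address in $VpnPool instead.

```powershell
# Added example: harden a Windows Server 2008 R2 terminal server that should only be
# reachable from an OpenVPN client pool. Run in an elevated PowerShell session; the SMBv1
# changes need a reboot to take effect.

$VpnPool = "10.8.0.0/24"   # ASSUMED OpenVPN client subnet; with an RD Gateway use the gateway's IP

# 1. SMBv1 server side: 2008 R2 has no Set-SmbServerConfiguration, so set the registry value
#    that the LanmanServer service reads (SMB1 = 0 disables the SMBv1 dialect).
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" `
    -Name SMB1 -Type DWord -Value 0 -Force

# 2. SMBv1 client side: drop mrxsmb10 from the workstation service dependencies and disable it,
#    so the server also cannot be coaxed into talking SMBv1 outbound.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

# 3. RDP: require Network Level Authentication and the TLS security layer, so a client must
#    authenticate before a session is allocated and the legacy RDP security layer is not offered.
$ts = Get-WmiObject -Namespace "root\cimv2\TerminalServices" -Class Win32_TSGeneralSetting `
        -Filter "TerminalName='RDP-Tcp'"
$ts.SetUserAuthenticationRequired(1) | Out-Null   # NLA on
$ts.SetSecurityLayer(2) | Out-Null                # 2 = TLS, not the RDP security layer
$ts.SetEncryptionLevel(3) | Out-Null              # 3 = High (128-bit)

# 4. Firewall: enable on all profiles, drop all unsolicited inbound traffic by default, then allow
#    the built-in Remote Desktop rule only from the VPN pool and disable rule groups this server
#    does not need to expose to clients.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new enable=yes remoteip=$VpnPool
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no
netsh advfirewall firewall set rule group="Remote Administration" new enable=no
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=no

# 5. Verify what was applied.
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" | Select-Object SMB1
$ts.UserAuthenticationRequired, $ts.SecurityLayer, $ts.MinEncryptionLevel
```

The remoteip scope is what makes the firewall useful against a compromised laptop: a client outside the pool cannot even complete the TCP handshake to 3389, and NLA means a client inside the pool has to present valid credentials before the RDP session code on the server is exercised. Anything on this host that is not in the short allow-list stays blocked by the default inbound policy, so re-run the "show rule" check after Windows Update or role installs, which occasionally re-enable rule groups.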
Judging by what you wrote:
This is exactly the case where malware or a professional insider exploits one of the 2020-2021 vulnerabilities.
An attack can also come from a neighboring server (a DC, for example; since your terminal server is old, it can be attacked from a DC).
And this will happen, given that personal PCs are used.
OpenVPN also connects with a key stored in the operating system, which means it can be stolen and the attacker will simply connect with his Kali Linux.
How can the connection from them to the RDP protocol be secured so that only legitimate and necessary traffic is passed through and suspicious traffic is dropped?
Refuse personal home devices or implement MDM, but apparently that is not an option for you for money reasons either; of course, the Zero Trust concept is the right one.
Two-factor authentication with a one-time password, not via SMS.
EDR on every device, including the terminal server, with rules to block a device when its risk score is exceeded.
Remove the terminal server from the domain.
Move it to a network segment where there are no other servers.
Configure it according to the MS baseline and turn off even more unnecessary things on it.
Minimize access from the server to the rest of the network, for example, do not give it access to personal data (read 152-FZ and its by-laws) or other information about your customers.
Collect its logs on another device and analyze the security events in those logs.
Are there any real-time traffic analyzers that can distinguish a "legitimate" user connection to RDP from an attack on that same RDP service or another service, and identify the "violator" from those packets and block him?
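A minimal version of the "analyze security events and block the violator" step from the answer above, written as an added example that is not code from the original thread or any of the answerers. It reads the Security log on the terminal server itself rather than sniffing packets: with NLA enabled, a failed RDP logon is recorded as event 4625 with the client's IP address, a successful one as 4624, and that is enough to tell a user mistyping a password from a brute-force tool on a compromised laptop. The threshold (5 failures in 10 minutes), the VPN pool prefix 10.8.0. and the rule naming are assumptions; run it from a scheduled task every few minutes, and forward the same log to another host as the answer recommends.

```powershell
# Added example: detect RDP brute force against a 2008 R2 terminal server from the Security
# log and block the source address with a firewall rule. PowerShell 2.0 compatible.

$Threshold   = 5          # ASSUMED: failures per window that count as an attack
$WindowMin   = 10         # ASSUMED: size of the sliding window in minutes
$AllowedPool = "10.8.0."  # ASSUMED: prefix of the OpenVPN client pool

function Get-IpFromEvent($e) {
    # Logon events carry the client address in the IpAddress field of EventData.
    $xml = [xml]$e.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq "IpAddress" })."#text"
}

$since  = (Get-Date).AddMinutes(-$WindowMin)
$failed = Get-WinEvent -FilterHashtable @{ LogName="Security"; Id=4625; StartTime=$since } -ErrorAction SilentlyContinue
$ok     = Get-WinEvent -FilterHashtable @{ LogName="Security"; Id=4624; StartTime=$since } -ErrorAction SilentlyContinue

# Count failures per remote address, ignoring local and empty sources.
$failCount = @{}
foreach ($e in $failed) {
    $ip = Get-IpFromEvent $e
    if (-not $ip -or $ip -eq "-" -or $ip -eq "127.0.0.1" -or $ip -eq "::1") { continue }
    if ($failCount.ContainsKey($ip)) { $failCount[$ip]++ } else { $failCount[$ip] = 1 }
}
$okIps = @($ok | ForEach-Object { Get-IpFromEvent $_ })

foreach ($ip in @($failCount.Keys)) {
    $n = $failCount[$ip]
    if ($n -lt $Threshold) { continue }

    # Someone who also logged on successfully in the window is most likely a user who mistyped
    # a password; report it for review instead of locking the user out.
    if ($okIps -contains $ip) {
        Write-Output "WARN  $ip had $n failed RDP logons but also logged on; review manually"
        continue
    }

    # A source outside the VPN pool should not reach this host at all: the firewall scoping is wrong.
    if (-not $ip.StartsWith($AllowedPool)) {
        Write-Output "ALERT $ip is outside the VPN pool; check the inbound RDP rule scope"
    }

    $ruleName = "Block RDP brute force $ip"
    $exists = netsh advfirewall firewall show rule name="$ruleName" | Select-String "Rule Name"
    if (-not $exists) {
        netsh advfirewall firewall add rule name="$ruleName" dir=in action=block remoteip=$ip | Out-Null
        Write-Output "BLOCK $ip after $n failed RDP logons in $WindowMin min"
    }
}
```

Two caveats a practitioner should keep in mind. First, blocking the source IP of a VPN client also cuts off that user's legitimate work, which is the intended effect if the laptop is compromised, but it means the block list needs an owner who reviews and clears it. Second, the script only sees authentication failures; an exploit that targets the RDP stack before authentication does not produce a 4625, which is why the NLA and TLS settings (and, ultimately, patches or an OS upgrade) matter more than any log-based analyzer.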
Is Windows Server 2008 R2 completely secure against threats on the local network?
Better to be safe and disconnect it from the network altogether.