What are the means against terminal brute force?

C

Cyril2017-04-14 17:23:00

Passwords

Cyril, 2017-04-14 17:23:00

There is a Windows Server 2012 in the role of a terminal server, to which users can connect from the outside via RDP.
What is the remedy for brute-force passwords for domain accounts? Are there any programs that can detect brute force and block suspicious connections to the terminal?
In the events (Windows Logs -> Security) of the authorization audit, I noticed continuous attempts to guess passwords for domain account logins. Each failure event is marked as "Audit Failure" and there are many.
Moreover, each time a different "Account Name".
Advise, please, a remedy against enumeration of passwords to domain accounts via RDP. Thanks

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry, 2017-04-14
@Tabletko

It's best practice not to expose the bare rdp to the outside. It is better to organize vpn and allow connection from there.

V

Viktor Belsky, 2017-04-14
@Belyj

As written above - RDP accessible from the outside is bad. But if there is nowhere to go, then change the standard port (3389) on the external interface to another one and just forward. Also, do not use standard accounts such as Administrator, admin, root, and set the number of failed login attempts in group policy.

T

titanrain, 2018-12-06
@titanrain

Of all that I tried, the most adequate turned out to be RdpGuard . True paid.