Secure RDS Farm for public RDP Usage?

KapsZ28

So we support this company that has an RDS farm with 7 servers plus 1 broker. The broker is set up with a public IP address and domain name. Clients are simply using Microsoft's RDP to access the farm over 3389. Lately there have been a lot of failed logons on the broker from foreign IP addresses. Another company manages their Juniper firewall. We found out that all ports were open to the public and had him close all ports but 3389.

I know having 3389 open to the public is not recommended. Still, how much damage can be done by leaving 3389 open?

What are better options for using RDS from any location? I was thinking of RDS Web Access: have clients log into a secure website and launch RDP from there. At least that is a free solution. The other option I was thinking of was having clients use an SSL VPN.

What do you guys think?
 
TS Gateway? Or whatever it is called now. Log in to a website and do RDP over SSL.
 
I am also seeing a lot of these audit failures in the Security Logs: Event ID 5159.


Code:
The Windows Filtering Platform has blocked a bind to a local port.
Application Information:
Process ID: 1128
Application Name: \device\harddiskvolume2\windows\system32\svchost.exe
Network Information:
Source Address: 0.0.0.0
Source Port: 61128
Protocol: 17
Filter Information:
Filter Run-Time ID: 0
Layer Name: Resource Assignment
Layer Run-Time ID: 36

PID 1128 points to a lot of services including Terminal Services. What would cause all these failures? There are probably about 12 logged every minute.
 
TS Gateway is the way to go. While exposing 3389 needn't be horrible, I like wrapping the whole thing up in TS Gateway. A single administrative point gives you more control.

In addition, I'd set up lockout policies for the users that might be logging in remotely (or the domain if pre-2008 level).
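The failed logons from foreign addresses described in the first post, and the lockout policy suggested here, both come down to spotting the same pattern in the broker's Security log: one source hammering RDP with many accounts. The script below is an added example, not from anyone in this thread; it assumes a constructed, simplified text export of Event ID 4625 (failed logon) records with LogonType 10 (RemoteInteractive, i.e. RDP) and flags sources that exceed a failure threshold inside a time window, so a lockout policy can be tuned against real numbers.

```python
"""Flag RDP brute-force sources in exported Windows Security log lines.

Added example, not from the forum thread. The export format is constructed
and simplified: real 4625 records carry many more fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: timestamp, event id, logon type, account, source IP.
# 203.0.113.7 sprays several accounts in seconds; 198.51.100.22 is a user who
# typed a wrong password twice; 10.0.0.5 is a network (type 3) logon, not RDP.
SAMPLE_LOG = """\
2009-06-01T10:00:01 4625 LogonType=10 Account=administrator IP=203.0.113.7
2009-06-01T10:00:03 4625 LogonType=10 Account=admin IP=203.0.113.7
2009-06-01T10:00:05 4625 LogonType=10 Account=jsmith IP=203.0.113.7
2009-06-01T10:00:06 4625 LogonType=10 Account=root IP=203.0.113.7
2009-06-01T10:00:08 4625 LogonType=10 Account=guest IP=203.0.113.7
2009-06-01T10:00:09 4625 LogonType=10 Account=administrator IP=203.0.113.7
2009-06-01T10:01:00 4625 LogonType=10 Account=jsmith IP=198.51.100.22
2009-06-01T10:02:00 4624 LogonType=10 Account=jsmith IP=198.51.100.22
2009-06-01T10:15:00 4625 LogonType=10 Account=jsmith IP=198.51.100.22
2009-06-01T10:02:30 4625 LogonType=3 Account=svc_backup IP=10.0.0.5
"""

def parse(lines):
    """Yield (time, event_id, logon_type, account, ip) for each record."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, event_id, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        yield (datetime.fromisoformat(ts), int(event_id),
               int(fields["LogonType"]), fields["Account"], fields["IP"])

def rdp_bruteforce_sources(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: (total failures, distinct accounts)} for every source with
    at least `threshold` RDP failures (4625, LogonType 10) in any `window`."""
    events = defaultdict(list)
    for ts, event_id, logon_type, account, ip in parse(lines):
        if event_id == 4625 and logon_type == 10:
            events[ip].append((ts, account))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding window over sorted hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = (len(hits), len({acct for _, acct in hits}))
                break
    return flagged

if __name__ == "__main__":
    for ip, (fails, accts) in rdp_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {fails} RDP failures across {accts} accounts")
```

A source that fails against many distinct accounts but stays under the per-account lockout threshold is exactly what a lockout policy alone will not stop, which is why the gateway-and-lockout combination above is the usual answer.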
 