One long-favored way for ransomware to get into a network is through attacks on Microsoft’s Remote Desktop Protocol (RDP). Years ago, when we used Microsoft’s Terminal Services (from which RDP evolved) for shared remote access inside or outside an office, attackers would first scan a network for Terminal Services listening on TCP port 3389, then run a brute-force tool called TSGrinder to guess passwords and gain access. They went after administrator accounts first. Renaming the administrator account or moving Terminal Services to another port helped little: the built-in Administrator keeps its well-known relative identifier (RID 500) and can be found by SID enumeration, and a port scan or a look at the traffic quickly revealed where the service had been moved to.

Attackers still go after our remote access, now via RDP. In human-operated ransomware intrusions, the attacker gains an initial foothold over RDP, then escalates privileges and moves laterally to reach more of the network. You have several ways to protect your network from brute-force and other targeted remote attacks.

Use administrator accounts with blank passwords

Believe it or not, one way to block such attacks is to leave the administrator account with a blank password. The Group Policy setting “Accounts: Limit local account use of blank passwords to console logon only” (Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options), which is enabled by default, refuses network and Remote Desktop logons for any local account whose password is blank, so the account can only be used at the console. Three caveats apply: the setting covers local accounts only, not domain accounts; it does nothing for an account with a weak but non-blank password; and anyone with physical or virtual-machine console access can use the account without typing a credential. While this clearly is not an ideal protection, it’s an interesting one that has been available in Group Policy since Windows Server 2003.
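The following PowerShell script is an added example, not code from the original article. It checks whether the blank-password policy is still enabled on a host (it is stored in the LimitBlankPasswordUse value under the Lsa registry key) and lists the local members of the built-in Administrators group that are flagged as not requiring a password, so you can see which accounts the policy is actually protecting. It assumes an elevated session on the machine being audited; the PasswordRequired flag is a hint that an account may have a blank password, not proof of it.

```powershell
# Added example (not from the original article): audit the
# "Accounts: Limit local account use of blank passwords to console logon only"
# setting and list local Administrators members that do not require a password.
# Run in an elevated PowerShell session on the host being checked.

# The policy is backed by this registry value; 1 = Enabled (the default),
# 0 = Disabled. Group Policy writes the same value.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$limit  = (Get-ItemProperty -Path $lsaKey -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue).LimitBlankPasswordUse

if ($limit -eq 1) {
    Write-Host 'LimitBlankPasswordUse = 1: local accounts with blank passwords cannot log on over the network or RDP.'
} else {
    Write-Warning "LimitBlankPasswordUse = $limit: blank-password local accounts are usable for remote logon. Re-enable the policy."
}

# Enumerate local members of the built-in Administrators group by its
# well-known SID (S-1-5-32-544) so the check also works on localized systems.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
          Where-Object { $_.PrincipalSource -eq 'Local' }

foreach ($member in $admins) {
    # Get-LocalUser exposes PasswordRequired (the inverse of the PASSWD_NOTREQD
    # account flag). $false means the account is allowed to have no password;
    # treat it as a strong hint, not proof, that the password is actually blank.
    $name = $member.Name.Split('\')[-1]
    $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $user) { continue }

    [pscustomobject]@{
        Account          = $user.Name
        Enabled          = $user.Enabled
        PasswordRequired = $user.PasswordRequired
        # RID 500 is the built-in Administrator, even if it has been renamed.
        RID              = $user.SID.Value.Split('-')[-1]
    }
}
```

An account that shows PasswordRequired = $false while LimitBlankPasswordUse is 1 is the situation the article describes: unusable over RDP, but wide open to anyone at the console. Any account in the list with PasswordRequired = $true and a weak password is not helped by this policy at all, which is why the lockout policy in the next section still matters.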

Set Windows 11 lockout policies

Included in the Insider releases of Windows 11, and ultimately coming to Windows 11 22H2, is a new policy that provides a more granular account lockout policy than Windows 10 or the server platforms have today. Windows 10 and Windows 11 currently give you three settings under Account Lockout Policy:

You get three policies: “Account lockout duration”, “Account lockout threshold”, and “Reset account lockout counter after”, which clears the failed-attempt counter after a set number of minutes.
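As an added example (not code from the original article), the script below reads those three settings from the output of `net accounts`, warns when the threshold is left at 0 (“Never”), which permits unlimited password guesses over RDP, and then summarizes recent failed logons (event ID 4625) by source address so you can see the guessing the policy is meant to cut off. It assumes English-language `net accounts` output, an elevated session, and that logon failure auditing is enabled; the 10/10/10 values in the commented `net accounts` command at the end are illustrative choices, not a recommendation from the article.

```powershell
# Added example (not from the original article): audit the local account
# lockout policy and show the failed-logon activity it is meant to stop.
# Assumes English "net accounts" output and an elevated session.

function Get-LockoutPolicy {
    $policy = @{}
    foreach ($line in (net accounts 2>&1)) {
        # Lines look like "Lockout threshold:                      Never"
        if ($line -match '^(Lockout threshold|Lockout duration \(minutes\)|Lockout observation window \(minutes\)):\s+(.+?)\s*$') {
            $policy[$matches[1]] = $matches[2]
        }
    }
    return $policy
}

$p         = Get-LockoutPolicy
$threshold = $p['Lockout threshold']
$duration  = $p['Lockout duration (minutes)']
$window    = $p['Lockout observation window (minutes)']

if ($threshold -eq 'Never') {
    Write-Warning 'Account lockout threshold is 0 (Never): unlimited password guesses over RDP.'
} else {
    Write-Host "Lockout after $threshold failed attempts; locked for $duration minute(s); counter resets after $window minute(s)."
}

# Failed logons in the last 24 hours, grouped by source address. RDP guessing
# shows up as 4625 events with LogonType 10 (RemoteInteractive) or 3 (Network,
# when Network Level Authentication rejects the credential first).
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{ Source = $d['IpAddress']; LogonType = $d['LogonType']; User = $d['TargetUserName'] }
    }

$failed | Group-Object Source | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# To set all three values locally in one go (illustrative values; on a domain
# member the domain's Account Lockout Policy overrides whatever is set here):
# net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10
```

A single source address with hundreds of 4625 events against a handful of account names is the brute-force pattern the lockout threshold is designed to break; if the threshold reads “Never”, every one of those attempts was allowed to run to completion.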

Windows 11 22H2 will ship with one more policy setting and with the following defaults:

