Best way to protect RDP

Easiest way is to change the RDP port and Change the firewall settings to only only only the minimum amount in as possible.

http://support.microsoft.com/kb/306759

Implementing VPN (as mentioned earlier) or SSH connections would increase security immensely with regard to RDP sessions.

Win2003 encrypts RDP traffic by default, though not very well.  You could increase this.  I would go with the other suggestions here.  Make sure the default admin account is not active, enforce strong passwords that are changed regularly, etc.  If you are using RDP for proper Terminal Services and not just a one-to-one remote desktop then you should probably use a gateway server outside of your firewall that is the only thing allowed in to your network.  If this is for individuals to get to desktops you may be better off with some form of VPN.  There is always the method of using LogMeIn or the like too.

>>> Even implementing VPN doesn't do much if you don't have and enforce complex, LONG passwords  <-- I have my client IPSec VPN's set up so that only authorized people have access. The VPN Pre-Shared Key is, of course, very secure. But as I noted, there have been no breaches at all and the first one went in nearly 10 years ago. ... Thinkpads_User

No implementing VPN would keep the RDP port from being probed, is this correct?  That seems to be the biggest issue is that I can see a ton of probes on the RDP port.  It does not seem to matter if I change the default port because they will just probe all port numbers until they find an RDP, then they move to cracking the login.  So does VPN shield the port from probing and just show itself when a remote user first establishes the VPN connection?