Brute force attack on RDP Server
Posted on 2013-01-10
we have a RDP broker that load balances to about 10 windows 2008 VM's, on the regular 3389 RDP Port. The users are very low-tech people.
We were seeing a brute force attacks coming in to a RDP broker, these have stopped after turning on NLA on the servers, however that brings to light a architecture question, should we close the RDP port and migrate all the users to using VPN, or put in place a firewall that can detect these type of attacks and block them, what other options are there? thanks!