Remote Desktop secrity

I have a Server where some user use to connect into with Remote desktop, yesterday I noticed in the log start showed me a lot logon failed using account name are not exist in  my environment so somebody is tried to connect attacking the port I think  so my question is what I can do?

I already have gateway with SSL in that remote  

so I need to change the port? which options I have?

my server  windows 2008 R2 and  I have a fortinet Firewall

no to many experience
PLCITSAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin EvansCommented:
even if you do change the port of the RDP session and change it on the firewall,  it will be possible to discover this from port scanning software.  what you could do is implement a VPN to your servers rather than enabling RDP through the firewall.  If you don't want to do this have a password audit to ensure that the passwords are stronger than a possible dictionary attack scenario.

kind regards

Justin

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Justin EvansCommented:
as well you could restrict the IP addresses to your RDP session that you allow
Shaun VermaakTechnical SpecialistCommented:
You can also look at RDPGuard
https://rdpguard.com

Process to investigate and possible remediations such as RDPGuard listed here
https://www.experts-exchange.com/articles/29305/Active-Directory-Locked-Account-Investigation-Process.html
myramuCommented:
Hello,

Use ssl web vpn on FortiGate with 2 factor authentication. This is more secure than allowing using VIP policy.

Good Luck!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.