18 October 2016

Is your Remote Desktop System safe from Bruteforce attacks?

Written by Rashmi Markhedkar
Security

As explained in the previous Troldesh ransomware blog, cybercriminals are now spreading ransomware by gaining access to computers through Remote Desktop. Remote access to the victim's computer is obtained with brute-force techniques, which crack weak passwords with little effort.

Typically, the attacker scans IP ranges for hosts with the RDP port (3389 by default) open for connection. Once an open port is found, the brute-force attack is launched: a trial-and-error password-guessing attack that works through a list of commonly used credentials, dictionary words and other combinations. Several tools freely available on the internet perform both the port scanning and the RDP brute-forcing with ease.

Once access is gained, the criminals simply disable the system's antivirus and run the payload. This means that even if the antivirus is updated and has a detection for the malware, turning off its protection renders the system defenseless.
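Spotting the password guessing described above on the target host, as an added example that is not part of the original post: a PowerShell script that reads failed-logon events (ID 4625) from the Windows Security log and flags source addresses with many failures across several usernames. The threshold, look-back window and sample records are constructed assumptions.

```powershell
# Added example (not from the original post): find RDP password guessing in the Security log.
# Event ID 4625 is a failed logon; the remote IP, target user and logon type sit in its EventData.
# Threshold and window are assumptions; tune them for your environment.

function Get-FailedLogonRecord {
    # Pull 4625 events from the local Security log (elevated prompt required) and flatten
    # the XML EventData into simple objects.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    foreach ($e in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']   # 10 = RemoteInteractive (RDP); 3 = Network, which is how NLA rejections are logged
            SourceIp  = $data['IpAddress']
            SubStatus = $data['SubStatus']   # 0xC000006A bad password, 0xC0000064 unknown user, 0xC0000234 locked out
        }
    }
}

function Find-RdpGuessing {
    # Group failures by source address: a brute-force tool produces many failures from one IP,
    # usually spread over a list of usernames, within a short window.
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [int]$Threshold = 20
    )
    $Records |
        Where-Object { $_.LogonType -in @('3', '10') -and $_.SourceIp -and $_.SourceIp -ne '-' } |
        Group-Object SourceIp |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $ordered = $_.Group | Sort-Object Time
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Users    = ($_.Group.User | Sort-Object -Unique) -join ','
                First    = ($ordered | Select-Object -First 1).Time
                Last     = ($ordered | Select-Object -Last 1).Time
            }
        } | Sort-Object Failures -Descending
}

# Constructed sample (not real log data): 25 failures from one host cycling through common
# usernames, plus a single typo by a legitimate user from another address.
$now = Get-Date
$names = 'administrator', 'admin', 'user', 'test', 'guest'
$sample = @()
for ($i = 0; $i -lt 25; $i++) {
    $sample += [pscustomobject]@{ Time = $now.AddSeconds($i * 2); User = $names[$i % 5]; LogonType = '3'; SourceIp = '203.0.113.45'; SubStatus = '0xC000006A' }
}
$sample += [pscustomobject]@{ Time = $now; User = 'alice'; LogonType = '10'; SourceIp = '192.168.0.20'; SubStatus = '0xC000006A' }

# Only 203.0.113.45 crosses the threshold; alice's single failure is ignored.
Find-RdpGuessing -Records $sample -Threshold 20 | Format-Table -AutoSize

# Against the live log:
# Find-RdpGuessing -Records (Get-FailedLogonRecord -Hours 24) -Threshold 20
```

Failed-logon auditing must be enabled for 4625 to be written at all (it is on by default on most editions, but check with `auditpol /get /category:Logon/Logoff`). If NLA is enabled the failures arrive as logon type 3 rather than 10, which is why the filter accepts both.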

However, the Quick Heal Firewall feature can effectively prevent such unauthorized access when it is configured to allow only trusted IP addresses to reach the system via Remote Desktop.

Configuring the Firewall:

First, create a rule that blocks incoming RDP connections from any system. Then create an exception rule that allows only specific trusted systems to bypass the first rule and reach the system's RDP service.

 

For Seqrite EPS Products:

Log in to the EPS Console => select the Settings tab => Firewall.

Note: These settings apply to all clients under the default policy. For other groups you have created, make the configuration in the respective group's policy.

 

[Screenshot: EPS console firewall settings (eps_firewall)]

 

For Quick Heal Standalone Products:

Open the Quick Heal Dashboard => select Internet and Network => Firewall Protection => Advanced Settings – Configure => Traffic Rules.

1) To block all RDP connections:

  • Scroll down and double-click the Allow Remote Desktop rule.
  • Click Next until you reach the last window, i.e. Select Action.
  • Change the action from Allow to Deny and click Finish.

2) To add exception for trusted systems:

  • In the Traffic Rules window, click Add to add an exception.
  • Give the rule a name, e.g. RDP White-list, and click Next twice.
  • In the Local TCP/UDP Port window, enter the RDP port under the Specific port option and click Next. By default the RDP port is 3389.
  • In the Remote IP Address window, enter the IP address of the system from which you want to accept RDP connections.
  • You can also enter an IP range to allow RDP connections from multiple systems in that range, e.g. 192.168.0.1 to 192.168.0.255.
  • Click Next on the Remote TCP/UDP Port window.
  • Select 'Allow' as the action in the last window and click Finish.

Now save the changes by clicking OK and selecting Save Changes.

Note: Make sure the RDP White-list rule is placed above the Allow Remote Desktop rule in the firewall rule list. Rules are matched in order, so the exception must be evaluated before the deny rule, otherwise the trusted systems are blocked as well.

 

[Screenshot: Quick Heal standalone firewall configuration (standalone_firewall_configuration)]
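The same "RDP only from trusted hosts" policy on the built-in Windows Defender Firewall, for hosts that do not run the Quick Heal firewall, as an added example that is not part of the original post and not Quick Heal's own configuration. The trusted address list is an assumption; substitute your management subnet or jump host. One difference from the ordered Quick Heal rule list matters here: Windows Firewall gives Block rules precedence over Allow rules regardless of position, so the equivalent of "deny all, then allow the exception above it" is to scope the Allow rule itself rather than to stack a deny rule under it.

```powershell
# Added example (not part of the original post): restrict inbound RDP to trusted addresses
# with Windows Defender Firewall. Elevated prompt and the NetSecurity module are required
# (Windows 8 / Server 2012 or later). $trusted is an assumption; use your own addresses.
$trusted = @('192.168.0.0/24', '10.10.5.7')   # single IPs, CIDR blocks or 'a.b.c.d-a.b.c.e' ranges
$rdpPort = 3389

# 1) Make sure unsolicited inbound traffic is blocked by default on every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2) Restrict the built-in "Remote Desktop" allow rules to the trusted addresses.
#    A separate "block 3389 from anywhere" rule would also shut out the trusted hosts,
#    because Block wins over Allow in Windows Firewall whatever the rule order.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $trusted -Enabled True

# 3) Verify: list every enabled inbound Allow rule that opens the RDP port with its remote scope.
#    Any rule here showing RemoteAddress = Any undoes step 2 and should be disabled or scoped.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -in 'TCP', 'UDP' -and $_.LocalPort -eq $rdpPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($addr.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize
```

Step 3 is the check worth keeping: third-party installers and remote-support tools often add their own broad allow rules for 3389, and a single unscoped rule silently reopens the port to the whole internet.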

Other security practices that help avoid RDP brute-force attacks:

– Use strong, unique passwords on user accounts. Weak passwords such as Admin, admin@123, user, 123456, password and Pass@123 are brute-forced within the first few attempts.

– Configure password protection for your security software. This prevents an unauthorized user who has reached the system from disabling or uninstalling it. Quick Heal users can enable this feature under Settings => Password Protection.

– Disable the Administrator account and use a differently named account for administrative activities. Most brute-force attempts target the Administrator account because it exists by default. Renaming it is only a partial measure, since the built-in account keeps its well-known identifier (RID 500) under any name; disabling it is what actually removes the target. Also remove any unused or guest accounts configured on the system.

– Change the RDP port from the default 3389. Most attacks of this type target port 3389 specifically, so a non-default port keeps the host out of mass scans. A scanner that fingerprints the RDP service on every port will still find it, so treat this as a way to reduce noise rather than as a control on its own.

– Enable the Network Level Authentication (NLA) feature in your RDP settings, available in Windows Vista and later. With NLA the client must authenticate before a desktop session is created, so a wrong password is rejected before it ever reaches the logon screen.

Ref: https://technet.microsoft.com/en-us/library/cc732713.aspx

– Configure account lockout policies that automatically lock an account after a specific number of failed attempts. Windows provides this feature and the threshold can be customized by the administrator. Choose the threshold with care: an attacker who knows valid usernames can deliberately lock them out, so pair the lockout policy with the IP restriction above rather than relying on it alone.

Ref: https://technet.microsoft.com/en-us/library/dd277400.aspx
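The hardening items above applied with PowerShell on a standalone Windows host, as an added example that is not part of the original post. Lockout values, the account names, the new port and the trusted subnet are assumptions; set them according to your own policy.

```powershell
# Added example (not from the original post): apply the RDP hardening items with PowerShell.
# Elevated prompt required; the LocalAccounts cmdlets need PowerShell 5.1 (Windows 10 /
# Server 2016 or later). All values below are assumptions to be replaced with your own.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Network Level Authentication: the client must authenticate over CredSSP before any
# desktop session exists, so guessed passwords never reach the logon screen.
Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord

# Account lockout on the local SAM: 5 failures within 30 minutes locks the account for 30 minutes.
# Domain-joined hosts take these values from Group Policy instead.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# Built-in accounts. Run this from a session logged on as the NEW account, not as Administrator.
# The built-in Administrator keeps RID 500 under any name, so the rename removes only the
# obvious username guess; disabling it is the part that matters.
Disable-LocalUser -Name Guest -ErrorAction SilentlyContinue
New-LocalUser -Name 'ops-admin' -Password (Read-Host -AsSecureString 'Password for ops-admin')
Add-LocalGroupMember -Group 'Administrators' -Member 'ops-admin'
Rename-LocalUser -Name Administrator -NewName 'svc-legacy'
Disable-LocalUser -Name 'svc-legacy'

# Non-default RDP port: change the listener, open that port from the trusted subnet only,
# retire the stock 3389 rules, then restart the service (this drops any live RDP session).
$newPort = 33890
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $newPort -Type DWord
New-NetFirewallRule -DisplayName "RDP $newPort (trusted only)" -Direction Inbound `
    -Protocol TCP -LocalPort $newPort -RemoteAddress '192.168.0.0/24' -Action Allow
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
Restart-Service TermService -Force

# Verify the listener settings and the lockout policy.
Get-ItemProperty -Path $rdpKey | Select-Object UserAuthentication, PortNumber
net accounts
```

Test the new port and the NLA requirement from a trusted host (`mstsc /v:host:33890`) before closing the console session you ran this from; an error in the firewall rule or the port value otherwise locks you out of the machine.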


2 Comments

  1. Vijay soni
    November 13, 2017 at 7:42 PM

    How can I enable the Network Level Authentication (NLA) feature in Server 2012 R2?

    • Ankita Ashesh
      March 26, 2018 at 12:01 PM

      Hi Vijay,

      You can watch this video which explains how to enable NLA in 2012: https://www.youtube.com/watch?v=x4Z1Vm-ORCI.
