- Requirements
- Windows Server
Windows PowerShell
Remote Desktop Security Monitor
Simply extract the contents anywhere and run "RDP MONITOR" to start the script.
This short and sweet PowerShell script will help fortify your server against malicious brute force attacks targeting the Remote Desktop Protocol (RDP).
It works by polling the system event logs, looking for specific Audit Failure events;
Upon detecting an Audit Failure, the IP address of the offending remote host is automatically added to a Windows Firewall entry.
It will react quickly, quick enough for any would-be attacker to have observed the heat-death of the Universe before they make any headway in guessing your password.
Not only does it protect RDP, but the firewall entry will block that IP from accessing any other port on your server, permanently.
The "RDP MONITOR" shortcut provided in this package can be used to set up a scheduled task, ensuring this script runs with the correct settings whenever your server boots up.
More security offers more peace of mind, make sure you use a strong password to secure your server.
You can change the port that RDP is listening on, to make it harder to find the way in.
WARNING:
If you run this script and fail to log-in to your own server and end up being firewalled, you will need to use another device with a different public IP to login and remove your IP from the firewall entry.
Alternatively, if you have access to KVM, recovering will be much easier in this event.