
Host based Intrusion Detection Prevention Software RDP

RDP Intrusion Prevention Software (Host-based Intrusion Detection/Prevention): RDP IP blockers are software that protects Windows RDP against brute-force attacks by acting on failed login attempts from various IP addresses. Some products also offer geolocation blocking to block IPs assigned to certain countries.

Several third-party software products will lock out IP addresses after X number of failed attempts, including Syspeace, RdpGuard, TSPlus RDS-Knight, LF Intrusion Detection and more. Syspeace ($73/year or $0.20 per day with a minimum $15 purchase) has a global blacklist feature as well as a geolocation feature to block IP addresses by location/country. During a test with the Syspeace software, we noted that a majority of failed login attempts were geocoded to Russia and Ukraine. We also observed that when we changed the RDP port to something other than 3389, the failed attempts dropped to zero, although automated bots may eventually have found the changed port (we didn't run it that way for very long).
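The lockout rule described above (block an IP after X failed attempts), sketched as an added example that is not code from any of the products named here. It assumes failed logons are read as Windows Security event 4625 with a source IP; the sample records, threshold, window and allowlist are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625  # Windows Security log: "An account failed to log on"

# Constructed sample records (time, event ID, source IP); the addresses are
# RFC 5737 documentation ranges, not real observations.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", 4625, "203.0.113.7"),
    ("2024-01-01T10:00:20", 4625, "203.0.113.7"),
    ("2024-01-01T10:00:40", 4625, "198.51.100.9"),
    ("2024-01-01T10:01:00", 4625, "203.0.113.7"),
    ("2024-01-01T10:01:30", 4624, "192.0.2.10"),    # successful logon, ignored
    ("2024-01-01T10:20:00", 4625, "198.51.100.9"),
    ("2024-01-01T10:40:00", 4625, "198.51.100.9"),  # slow: never 3 in 5 min
    ("2024-01-01T10:41:00", 4625, "192.0.2.10"),
    ("2024-01-01T10:41:05", 4625, "192.0.2.10"),
    ("2024-01-01T10:41:10", 4625, "192.0.2.10"),    # admin IP, see allowlist
]


def ips_to_block(events, threshold=3, window=timedelta(minutes=5),
                 allowlist=frozenset()):
    """Return {ip: time the threshold was reached} for every IP with at
    least `threshold` failed logons inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for stamp, event_id, ip in sorted(events):
        if event_id != FAILED_LOGON or ip in allowlist or ip in blocked:
            continue
        now = datetime.fromisoformat(stamp)
        failures = recent[ip]
        failures.append(now)
        # Drop failures that have aged out of the window.
        while now - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            blocked[ip] = now
    return blocked


if __name__ == "__main__":
    hits = ips_to_block(SAMPLE_EVENTS, allowlist={"192.0.2.10"})
    for ip, when in hits.items():
        print(f"block {ip} (threshold reached {when.isoformat()})")
```

The slow source at 198.51.100.9 stays under a per-window threshold, which is the gap the blacklist and geolocation features mentioned above are meant to cover.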