Methods to Secure Windows Remote Desktop RDP

How To Secure Windows Remote Desktop

In September 2018 the FBI issued a public service announcement regarding risks and hacking attempts again the RDP protocol.  See the announcement here which includes some suggestions (with additional considerations below)

Considerations For Securing your Windows Server / RDP Terminal Server

Here is a list of various actions to consider to help secure your remote server environment:

After applying any of the actions above, make sure to test whether they are working properly.  You can open multiple RDP sessions using different user names initiated from one PC which can be useful for testing.

The information provided in this document/post is intended to provide general information only and is not a complete listing of available considerations.  The content is provided AS IS without any express or implied warranties of any kind with respect to the accuracy, correctness, reliability, or fitness for a particular purpose.  You should be discussing all security policies and related procedures, configurations, monitoring and other server management functions with your IT staff or consultants.  Riptide Hosting does not provide managed services and is not a substitute for you maintaining your own IT staff/consultants. 

Dedicated Server and RDP remote desktop server backup options

Riptide Hosting offers the following backup options for Dedicated servers and Remote Desktop RDP hosted servers.


VEEAM: In our virtual server environment, we offer and recommend using Veeam backup which provides full server image backup.  The backup can be restored on a different host/server if needed.  Veeam provides image-based backup that allows for recovery of an entire VM and also individual file restore.  Our default schedule is nightly backup with retention of 14 restore points and we backup the virtual server to a backup repository in the datacenter that is separate from the VMware cluster.

MANUAL BACKUP: Depending on the size of data you need to backup, you could also make a copy of the data/files to your local office.  This is not a full server image backup rather only the files you choose to backup.

THIRD PARTY ONLINE BACKUP: Online-based backup solutions: Carbonite, Mozy and others which offer a relatively low monthly cost depending on # of machines and amount of data.  This is not a full server image backup.

You can also use a combination of the above methods.



DELL APPASSURE: We offer Dell AppAssure backup to our dedicated server clients.  Dell AppAssure backs up the entire server to a separate dedicated server which allows for full server restore.  This is the most robust backup offering on a dedicated server and allows complete customization on retention time, frequency of backups and many other settings.  It is a great offering but it is more expensive than other options because it requires a second server that is completely dedicated to you with large drives (not a shared repository) & Dell licensing.  This option can work with more than one dedicated server.

LOCAL BACKUPS TO SECOND RAID ARRAY – We can add a second raid array of 2TB drives to your server for as low as $30/month and you can backup to this manually, via a backup program you install or Windows Server Backup.  You can also do this to an external USB drive.

THIRD PARTY ONLINE BACKUP: Online-based backup solutions: Carbonite, Mozy and others which offer a relatively low monthly cost depending on # of machines and amount of data.  This is not a full server image backup rather only the files you choose to backup.

VEEAM ENDPOINT PROTECTION – Veeam Endpoint Protection FREE is a free solution for backing up Windows-based machines.  You can backup the machine to an external drive and perform a bare-metal restore or file level restore if needed.  Although it is not a full enterprise backup tools, it can be used on Windows Server 2008R2 or later.  To use Veeam Endpoint Protection Free, download and install the application.  During install, it will find the USB drive if its already plugged in.  The first full backup will take several hours.  During install, you will need to create the recovery media image and burn the iso to a DVD that you should keep a copy of.

WINDOWS SERVER BACKUP – The Microsoft Windows Server OS (2008 R2 and 2012 R2) has an included feature called Windows Server Backup that can be installed on our Dedicated Hosted servers (server manager -> add roles & features -> install).   Windows server Backup can be used to backup specific files or folders, full volumes or the full server for a bare metals restore.  It can be setup to schedule backups to run automatically, and can be performed to internal disk, external disk or remote shared folder.   You’ll want to store the backup on a separate drive/array.  Recommended backup drive size is at last 2.5x the amount of data to be copied.  Also, the drive will be reformatted by Windows Server Backup during the prep stage.

You can also use the Windows Server Backup feature to create a full system image (including OS, applications, settings, users, etc.) backup to a second drive.  Another option is to copy/back-up files to a second hard drive on the same server using the windows backup utility (can set up a schedule) or perform manually.

Links to Windows Server Backup articles on Microsoft Technet:

You may also want to consider a combination of the above methods – i.e. local backup to separate drive on the server along with periodic backups to the cloud or local office.