RDProtect

One of the most common techniques used by hackers to penetrate your network, is just plain-old password guessing. Therefore hackers use tools to perform brute force password hacking over the internet against your Web-Server environments. The most popular tool is TSGrinder but there are also several other tools outside.

Some People give tips to prevent from beeing hacked:

"Use RDP over VPN"
If you use Windows Web Server 2008 R2 it dows not provide VPN-Functionality

"Use strong password policy and suspend the account for a while after continuous wrong passwords"
This does not prevent from the Attempt and can result in a "Denial of Service - DOS" Attack which significantly reduces the System performance. Remember: Each attempt generates network traffic which may cost a lot of money. We heared of 30GB per day on some of our customers.

"Change the RDP Port"
Most hackers utilize port scanners to identify the RDP port. This is in case of the brute force attack a small step and does not really help.

RDProtect provides a secure mechanism to prevent these kinds of attacks. But how does it work ?

RDProtect monitors each login attempt. If there where 3 wrong logon attempts within 10 Minutes from within the same remote ip this ip will be excluded by a temporary firewall rule for 120 Minutes. The given values are defaults and can be changed along your needs.

Due to the temporary generation of a firewall rule automated attacks move on when no response is received after a few attempts.