Terminal Services Firewall Mod

posted Dec 13, 2016, 10:28 AM by Andrew Chadick   [ updated Dec 14, 2016, 12:04 PM ]
A really good idea for your RDP Terminal server, is to create a new blocking rule.  Go directly into Windows Firewall and Advanced Security and create a rule  that blocks IP addresses. Once created, go into the rule and update the IP lists to block a single host or network group.  It's really a good idea to put a UTM with stateful packet filter on your edge, so you can look at the traffic coming in to your network.  Analyze the network usage, and check your standard and non-standard ports you use for RDP.  Log the attempts to access with no connection. These usually show in the tens to several hundred, with KB or small amounts of Megs utilized trying to connect.  Once you have those mapped out, put them in this block list.