Unfortunately, they also have vulnerabilities. For example, in late 2019, security researchers found
37 vulnerabilities in various clients working with the VNC protocol.

Change all users' settings to a different port
This is probably the least reliable method of all we have described in this article, although many businesses seem to use it successfully. It is highly impractical whether you have a few end users or many, as it will take a considerable amount of time to change everybody's settings, especially when every minute counts.
In addition, it is quite a short-sighted plan, as the fix will only be temporary: modern bots with intelligent port-scanning software will quickly find the new port. At Variti, we see bots spotting a non-standard port in 2 - 48 hours.

Connection limits
This technique restricts the number of sessions open at one time and the number of users that can connect to corporate servers online. Access can be reduced by limiting it to a certain number of IP addresses, limiting wrong login attempts, setting the suspension time for incorrect passwords and so on. Unfortunately, this will only delay the inevitable, as bots can work 24x7.

IP blocking
IP blocking is an effective method to combat less sophisticated or newcomer attackers, but not as effective in more advanced scenarios.
First, brute force attacks are often launched from a group of addresses or even from different subnetworks, so IP blocking only treats the symptom.
Second, an IP address is too easy to spoof: attackers can use hundreds of addresses and easily switch to any other, including your own or your client's. And finally, IP blocking on a Windows server is quite challenging because the address is not always visible.
Having an IP whitelist is also a questionable idea for remote locations and home offices. IP addresses can change, since users typically possess numerous gadgets and sometimes work away from home on public Wi-Fi.
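
The first point above, that a brute-force run spread over many addresses slips past per-IP blocking, can be seen by counting failed logons per source IP, per /24 subnet and per targeted account. This is an added example, not code from the original article; the log format, the 10-minute window, the thresholds and the /24 grouping are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample (RFC 5737 documentation addresses): timestamp source_ip account
SAMPLE_LOG = """\
2024-01-10T09:00:05 203.0.113.7 administrator
2024-01-10T09:00:09 203.0.113.7 administrator
2024-01-10T09:00:14 203.0.113.7 admin
2024-01-10T09:00:20 203.0.113.7 administrator
2024-01-10T09:01:00 198.51.100.11 jsmith
2024-01-10T09:01:30 198.51.100.12 jsmith
2024-01-10T09:02:10 198.51.100.13 jsmith
2024-01-10T09:02:40 192.0.2.21 jsmith
2024-01-10T09:03:15 192.0.2.99 jsmith
2024-01-10T09:03:50 198.51.100.14 jsmith
2024-01-10T11:30:00 192.0.2.50 mbrown
"""

def parse(log):
    """Yield (timestamp, source_ip, account) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, account = line.split()
            yield datetime.fromisoformat(ts), ip, account

def peak_in_window(times, window):
    """Largest number of events that fall inside any sliding window."""
    times, best, start = sorted(times), 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(log, window=timedelta(minutes=10), limits=None):
    """Return, per kind of key, the keys whose failures in one window reach the limit."""
    limits = limits or {"ip": 4, "subnet": 4, "account": 5}  # assumed thresholds
    buckets = {kind: defaultdict(list) for kind in limits}
    for ts, ip, account in parse(log):
        buckets["ip"][ip].append(ts)
        buckets["subnet"][str(ip_network(f"{ip}/24", strict=False))].append(ts)
        buckets["account"][account.lower()].append(ts)
    return {kind: {key for key, times in buckets[kind].items()
                   if peak_in_window(times, window) >= limits[kind]} for kind in limits}

if __name__ == "__main__":
    for kind, keys in detect(SAMPLE_LOG).items():
        print(f"{kind:8} {sorted(keys)}")
```

Only the single noisy address reaches the per-IP limit. The six attempts against jsmith, one per address, appear only in the subnet and account counts.
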
There are many more RDP attack protection solutions on the market in addition to the ones mentioned above. There are hardware solutions like firewalls, routers, virtualisation, main database separation and much more.

The brave new world
For many companies, remote work will remain a standard practice whilst RDP still suffers from many vulnerabilities.
The market doesn't have a single all-in-one solution against RDP attacks yet.