This guide is how to mitigate brute force remote desktop service or RDP on your server. Only applies to customers who subscribe to a Windows VPS or Dedicated Windows server.
Changing the RDP Port
The first thing you can do is change the server port. For example, the default port is 3389 then you want to change the remote desktop port to 7792.
Then use Windows Powershell:
$portvalue = 7792
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue
Then reboot the server.
Enabling RDP with Network Level Authentication
The second thing is to make sure to use NLA or Network Level Authentication on the allow remote desktop connection option to your server.
Right-click My Computer > Properties.
Then click Remote Settings and activate NLA as shown below.
Using Third Party Cyberarms Software
One of the free options available is to use third party Cyberarms. This software provides bruteforce protection to several services and performs blocking. Although it provides protection services to the server, the free version has limitations. That is, when the block list is large enough, it will affect the server's RAM usage, and sometimes the RAM usage and CPU resources are quite large.
Using ESET
The solution offered by Exabytes is to use ESET Server Security protection. This package is available in the addon option for every VPS server purchase that uses the Windows operating system. Whether it's a Windows VPS or a Windows Dedicated Server.
In addition to ransomware protection, ESET server security protection also includes Network Attack Protection. More details on ESET server security features : https://www.eset.com/kh/business/solutions/file-server-security/
