How to Block Brute-Force Attacks on Your RDS Web Server Using IIS 10 Dynamic IP Restrictions and RDPGuard

Question:

How can I prevent brute-force attacks on my RDS Web server using Windows Server 2019 IIS 10? I have RDPGuard installed, but sometimes the attackers use a valid user account and lock it out before RDPGuard can block the IP. Is there a built-in or third-party solution for rate-limiting connection attempts?

Answer:

How to Protect Your RDS Web Server from Brute-Force Attacks

Remote Desktop Services (RDS) is a popular technology that allows users to access Windows applications and desktops over the internet. However, RDS web servers are also vulnerable to brute-force attacks, where hackers try to guess the credentials of valid user accounts by sending multiple login requests in a short period of time. These attacks can compromise the security and performance of your RDS web server, as well as lock out legitimate users from accessing their resources.

Fortunately, there are some ways to prevent or mitigate brute-force attacks on your RDS web server using Windows Server 2019 IIS 10. In this article, we will discuss two solutions: one that uses a built-in feature of IIS 10, and one that uses a third-party tool called RDPGuard.

One way to prevent brute-force attacks on your RDS web server is to use the Dynamic IP Restrictions feature in IIS 10. This feature allows you to block or deny access to a remote client based on the number of requests received over a period of time. For example, you can configure IIS 10 to block a client that sends more than 10 requests in 5 seconds, or deny a client that sends more than 100 requests in a minute.

To enable Dynamic IP Restrictions in IIS 10, you need to install the IP and Domain Restrictions role service on your Windows Server 2019. You can do this by following these steps:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
  • In Server Manager, click the Manage menu, and then click Add Roles and Features.
  • In the Add Roles and Features wizard, click Next.
  • Select the installation type and click Next.
  • Select the destination server and click Next.
  • On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select IP and Domain Restrictions. Click Next.
  • On the Select features page, click Next.
  • On the Confirm installation selections page, click Install.
  • On the Results page, click Close.
  • After installing the IP and Domain Restrictions role service, you can configure the Dynamic IP Restrictions settings for your RDS web server by following these steps:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
  • In the Connections pane, select the server name to add dynamic IP restrictions for the server, or expand Sites and then select a site to add dynamic IP restrictions for the site.
  • In the Home pane, double-click the IP Address and Domain Restrictions feature.
  • In the Actions pane, click Edit Dynamic Restriction Settings….
  • In the Dynamic IP Restriction Settings dialog box, select Deny IP Address based on the number of requests over a period of time, enter the maximum number of requests, enter the time period (in milliseconds) that is used to determine the request rate, and then click OK.
  • You can also customize other settings, such as enabling logging, setting the action type (block or deny), and configuring the response status code and substatus code. For more information on the Dynamic IP Restrictions feature, you can refer to this article.

    Using RDPGuard

    Another way to prevent brute-force attacks on your RDS web server is to use a third-party tool called RDPGuard. RDPGuard is a security software that monitors the RDP protocol and automatically blocks the IP addresses of the attackers. RDPGuard works with any RDP-enabled application, including RDS web servers.

    To use RDPGuard, you need to download and install it on your Windows Server 2019. You can do this by following these steps:

  • Go to the RDPGuard website and click Download.
  • Run the setup file and follow the installation wizard.
  • After the installation, launch RDPGuard and click Start Protection.
  • Optionally, you can adjust the settings, such as the number of failed login attempts, the blocking duration, the whitelist and blacklist, and the notification options.
  • RDPGuard will start monitoring the RDP activity on your server and block any suspicious IP addresses. You can view the blocked IP addresses, the attack statistics, and the logs from the RDPGuard interface. For more information on RDPGuard, you can refer to this article.

    Conclusion

    Brute

-force attacks are a common threat to RDS web servers, but they can be prevented or mitigated by using the Dynamic IP Restrictions feature in IIS 10 or a third-party tool like RDPGuard. Both solutions can help you protect your RDS web server from unauthorized access, improve its performance, and avoid user account lockouts. You can choose the solution that best suits your needs and preferences, or use both solutions together for extra security.

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Terms Contacts About Us