Pro Admins here? Windows Server, RDP and Security

Hey Guys,

Is it considered secure if you rent a virtual Windows server, set the Windows firewall to deny everything except RDP, and use it as a terminal server? I'm talking from an enterprise perspective...

Couldn't find any real information on best practices in that case and personally I don't have enough experience with Windows Server to judge.

The context is that I'm sitting in front of such a setup, which keeps getting infected with malware, and I'm trying to narrow down possible attack vectors.

Using a terminal server isn't inherently insecure in and of itself.
Setting the Windows firewall to deny everything except RDP isn't a bad idea, to the end of using the server as a terminal services machine.
Bump up the port on which RDP is listening.
Audit the user accounts on the machine.
Start locking down what users can do while they're on the machine.

Just based off of the little information here, if you're getting infected with malware, I'd venture that it's what people are doing while connected to the server that is infecting it, rather than it being infected by listening on the default RDP port. But don't let it listen on the default RDP port. For reasons why you shouldn't let services listen on the default ports, turn on failed login attempt logging (no, it's not on by default), and watch the Security section in Event Viewer.

2 Likes
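
The checks suggested in the answer above (RDP port, account audit, failed-logon logging), as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt, an English-language Windows Server with the built-in LocalAccounts cmdlets (PowerShell 5.1 or later), and a 24-hour look-back window chosen here for illustration.

```powershell
# Added example; run from an elevated PowerShell prompt on the server.
# Assumptions: English group/subcategory names, 24-hour look-back window.

# 1. Turn on auditing of failed (and successful) logons.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 2. Show which port RDP is currently listening on.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
"RDP port: " + (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# 3. Audit accounts: enabled local users, and who may log on over RDP.
Get-LocalUser | Where-Object Enabled | Select-Object Name, LastLogon, PasswordLastSet
foreach ($group in 'Administrators', 'Remote Desktop Users') {
    Get-LocalGroupMember -Group $group |
        Select-Object @{n = 'Group'; e = { $group }}, Name, ObjectClass
}

# 4. Summarise failed logons (Security event 4625) by source address and user.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-24) }
$failed = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the <EventData> name/value pairs into a hashtable.
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            User      = $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']  # 3 = network (RDP with NLA), 10 = RemoteInteractive
        }
    }

# Noisiest source/user pairs first; Name is "<source>, <user>".
$failed | Group-Object Source, User | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
```

A long list of unfamiliar source addresses trying common user names points at password guessing from the internet; few or no failures alongside repeated infections points back at what logged-on users are doing.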

Thanks a lot for your advice.
Was getting a little frustrated with the machine, but now I have hope that this could actually become a stable system :)