
Azure Windows Virtual Machine RDP security

Hello & many thanks in advance.

I'm a complete beginner with Azure and have followed the tutorial in creating a VM. I access it via RDP.

I switched on the event logger and I can see that there are multiple attempts to try and log in to the admin account every couple of seconds or so.

Just wondering if there is a way to secure against this?

Thanks

Will

There are several different things to consider here. First, we should identify what specifically makes RDP a favorite target of cyberattacks.

The biggest known weakness of RDP is that it requires open ports, the default values of which are widely known. This is why you are seeing all those login attempts. Cybercriminals are constantly scanning port 3389 on every known IP address to find a vulnerability. The best thing you can do here is to change the default port to something else.

Secondly, RDP password requirements are often not enforced. A McAfee report found that the most common passwords for vulnerable RDP services were “123456” and “password.”

Finally, and perhaps the most frustrating, is that RDP is just a really old protocol not designed for the modern internet. There is a laundry list of known RDP vulnerabilities, which many organizations simply neglect to address.

There are a few things you can do as a savvy admin:

  1. Change your RDP port
  2. Put your RDP server behind a firewall and/or a VPN
  3. Enable strong password requirements
  4. Enable multi-factor authentication
  5. Apply all available security patches
  6. Use a modern zero-trust access service like Twingate, Perimeter 81, or Zscaler to limit access and detection by unauthorized users.

I tried to cover these topics in a blog post I wrote for my company (Twingate), which provides a fairly good summary of the situation and some other ideas to secure your RDP server. Hope this is helpful!
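
To measure the login attempts described in the question before and after applying any of the steps above, the following added example (not part of the original question or answer) summarises failed logons from the VM's Security log by source address. The function name and its default values are assumptions made for illustration; it relies on the standard event ID 4625 ("An account failed to log on") and must be run from an elevated PowerShell session on the VM.

```powershell
# Added example: summarise failed logons (Security event ID 4625) by source address.
# Get-FailedLogonSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-FailedLogonSummary {
    param(
        [int]$Hours = 24,   # look-back window (assumed default)
        [int]$Top   = 20    # how many source addresses to list (assumed default)
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625                       # "An account failed to log on"
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent raises an error when no event matches; treat that as an empty result
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # The named fields of the event are in its XML under EventData/Data
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # Logon type 3 (network, seen when NLA is enabled) and 10 (RemoteInteractive) cover RDP
        if ($data['LogonType'] -in '3', '10') {
            [pscustomobject]@{
                Time     = $e.TimeCreated
                SourceIp = $data['IpAddress']
                User     = $data['TargetUserName']
            }
        }
    }

    # One output row per source address, busiest first
    $rows | Group-Object SourceIp | Sort-Object Count -Descending |
        Select-Object -First $Top | ForEach-Object {
            [pscustomobject]@{
                SourceIp  = $_.Name
                Attempts  = $_.Count
                Usernames = ($_.Group.User | Sort-Object -Unique) -join ', '
                FirstSeen = $_.Group.Time | Sort-Object | Select-Object -First 1
                LastSeen  = $_.Group.Time | Sort-Object | Select-Object -Last 1
            }
        }
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```

If the count is still non-zero after the VM has been placed behind a firewall or VPN, the RDP port is still reachable from the addresses listed.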
