Not logged in
Viewing 5 posts - 1 through 5 (of 5 total)

Forums>StrategyQuant>General Discussion>Windows Remote Desktop connection (MS RDP protocol)

  • #267944 |
    ivan
    Participant
    224 Posts

    Windows Remote Desktop connection (MS RDP protocol)

    Although this subject would be included in the dedicated thread of PC setups and recommendation, i think its important enough to have its own thread to be easier to find for beginners in SQ, especially after i saw there is a growing interest here on this forum in using a PC remotely.

    To be very short and to the point, to quote from a very good article:

    What can you do if you need to put RDP on the Internet? First off, don’t. Seriously, don’t.

    To protect RDP connections, the following recommendations are:

    -change default port 3389 in windows registry and router settings menu
    -enable Network Level Authentication NLA
    -install an antivirus/internet security software
    -put complex passwords (a long passphrase containing 15+ characters with no phrases related to the business, product names, or users is mandatory

    the above are easy and free of charge, the following are more complex and some require paid subscription

    -Install two-factor authentication (2FA), a type of Multi-Factor Authentication (MFA), password + SMS
    -Install a virtual private network (VPN) gateway to broker all RDP connections from outside your local network.
    – A Remote Desktop Gateway server

    some very good and useful articles:

    Secure Your Computer by Modifying the Default RDP Port Number | Alexander’s Blog (zubairalexander.com)

    https://www.zubairalexander.com/blog/secure-your-computer-by-modifying-the-default-rdp-port-number/

    Adventures of an RDP Honeypot – Part One: RDP Security | TrustedSec

    https://www.trustedsec.com/blog/adventures-of-an-rdp-honeypot-part-one-rdp-security/

    Adventures of an RDP Honeypot – Part Two: Know Your Enemy | TrustedSec

    https://www.trustedsec.com/blog/adventures-of-an-rdp-honeypot-part-two-know-you-enemy/

    so leaving an RDP on simple default configuration is plain suicide

    Timisoara, Romania
    3900X 3.8 Ghz 12 cores, 64GB RAM DDR4 3000Mhz, Samsung 970 EVO Plus M.2 NVMe

    #267965
    ivan
    Participant
    224 Posts

    i will like to add a few additional information

    i didnt specified but all these measures for RDP is for the situation when the user needs to connect outside the local network, from another location

    besides the measures above, a few more can be implemented:

    https://tweaks.com/windows/39140/create-an-account-lockout-policy/

    – Create an Account Lockout Policy: Creating an Account Lockout Policy will protect your account by limiting the number of time a remote application or attacker can try to guess your password.  This works by automatically locking out your account after a designated number of incorrect passwords were entered.  Your account will remain locked out for a designated period of time before it is automatically unlocked and it can be logged into again.  This provides a valuable addition to your account security because it can render brute force password attacks useless.

    – under no circumstances, do not grant access to RDP to the account with the username “Administrator” and if possible, never use or never create any user with the username Administrator

    Given the old age of the RDP in windows and the many steps necessary to secure it, its understandable that the alternatives are much more reliable and secure and in the following future, i will write here and present the best alternatives

    I will also write here about another very useful feature, Wake On LAN

    • This reply was modified 6 months, 2 weeks ago by ivanivan.

    Timisoara, Romania
    3900X 3.8 Ghz 12 cores, 64GB RAM DDR4 3000Mhz, Samsung 970 EVO Plus M.2 NVMe

    #267978
    Customer
    794 Posts

    on my VPS servers i am making only 2 things – change the port and use strong password

    4 years of trading – no single problem

    You want to be a profitable algotrader? We started using StrateQuant software in early 2016. For now we have a very big knowhow for building EAs for every possible types of markets. We share this knowhow, apps, tools and also all final strategies with real traders. If you want to join us, fill in the FORM. 1500+ final SQX strategies for members running on demo accounts to verify the edge DEMO ACCS. We provide also strategies for indices - DAX, DOW JONES, NASDAQ, SP, UK, because we have realtick data from our brokers.

    #267985
    ivan
    Participant
    224 Posts

    yes, more advanced/experienced users can use it but especially beginners should understand very well the difference between something opened to the internet and not opened. Because no matter how secure is the RDP, its open by its very design. Once you forward the port, its open. Its a very important distinction.

    By contrast, any third party remote software, free or paid, doesn’t require the computer to be opened on the internet, no port forwarding.

    So for beginners, its either a VPN service or a reliable third party remote software.

    Timisoara, Romania
    3900X 3.8 Ghz 12 cores, 64GB RAM DDR4 3000Mhz, Samsung 970 EVO Plus M.2 NVMe

    #267986
    ivan
    Participant
    224 Posts

    i also use it in the present, momentarily but i am in progress in switching permanently in the near future to something more secure because after reading many reliable articles, its too insecure and constantly in danger of being hacked and many modern viruses can spread inside the local network once inside.

    A VPN subscription is also an attractive alternative

    Timisoara, Romania
    3900X 3.8 Ghz 12 cores, 64GB RAM DDR4 3000Mhz, Samsung 970 EVO Plus M.2 NVMe

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.