Securing a Windows RDP Connection for Remote Access

Remote Desktop Protocol (RDP) allows users to remotely control and interact with a computer as if they were physically present at the machine. This can be useful for various purposes, including technical support, troubleshooting, and accessing resources on a remote machine.

Remote Desktop Protocol (RDP) has been a common target for cyber attackers, including those deploying ransomware. The widespread use of RDP for legitimate remote access also makes it an attractive target for malicious actors looking to gain unauthorized access to systems.

One way to greatly reduce your attack surface is to avoid exposing RDP to the Internet.

With n2x.io, you can allow only clients on your n2x.io network topology to connect to your RDP servers. n2x.io works transparently with the RDP client, securing your network without making RDP any harder to use.

Here is a high-level overview of the architecture used in this guide:

Architecture

Before you begin

Step-by-step Guide

Step 1: Connect the Client Device to our n2x.io Network Topology

We need to connect the Client Device to our n2x.io network topology so that it can reach the Azure VM privately.

Adding a new node in a subnet with n2x.io is very easy. Here's how:

New Node Client

  1. Head over to the n2x.io WebUI and navigate to the Network Topology section in the left panel.
  2. Click the Add Node button.
  3. Assign a name and description for the new node.
  4. Click Add New Connected Node to Subnet.

Here, we can select the environment where we are going to install the n2x-node agent. In this case, we are going to use Windows:

Node Setup Client

Open Windows PowerShell as Administrator on the Client Device and run the one-line command shown in the previous step:

Client n2x-node Installed

You can use the ipconfig command on the Client Device to check the IP assigned to this node:

Node IP Client

Step 2: Connect the Azure VM to our n2x.io Network Topology

Now we need to connect the Azure VM to our n2x.io network topology so that the Client Device can reach it privately.

We are going to repeat the same steps as before. Here's how:

New Node Azure

  1. Head over to the n2x.io WebUI and navigate to the Network Topology section in the left panel.
  2. Click the Add Node button and ensure the new node is placed in the same subnet as the Client Device.
  3. Assign a name and description for the new node.
  4. Click Add New Connected Node to Subnet.

Here, we can select the environment where we are going to install the n2x-node agent. In this case, we are going to use Windows:

Node Setup Azure

Because the n2x.io network topology is not yet established on the Azure VM, we connect to it via RDP through its public IP address:

Public RDP

Open Windows PowerShell as Administrator on the Azure VM and run the one-line command shown in the previous step:

Azure n2x-node Installed

You can use the ipconfig command on the Azure VM to check the IP assigned to this node:

Node IP Azure

Step 3: Remove RDP Access from the Internet

To remove RDP access from the Internet on the Azure VM, select your VM > Networking > Network settings > Network security group and then remove the RDP inbound port rules:

Remove RDP Rule

If we now try to connect to the Azure VM via RDP through the public IP, we get the following error:

Public RDP Error
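
A check to run after this step, as an added example that is not part of the n2x.io guide: it scans network security group rules exported with `az network nsg rule list -o json` and lists the inbound Allow rules that still let Internet sources reach TCP 3389. The rule names and addresses in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

RDP_PORT = 3389
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _values(rule, single, plural):
    """An NSG rule carries either one value or a list; return both merged."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers_rdp(ports):
    """True if a port expression ("*", "3389", "3000-4000") includes 3389."""
    if ports == "*":
        return True
    low, _, high = ports.partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def _is_internet(source):
    """True for "*", the Internet service tag, or any non-RFC 1918 address range."""
    if source in ("*", "Internet"):
        return True
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # another service tag, such as VirtualNetwork
    return not (net.version == 4 and any(net.subnet_of(p) for p in RFC1918))

def exposed_rdp_rules(rules):
    """Names of inbound Allow rules that let Internet sources reach TCP 3389."""
    hits = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"].lower(), rule["access"].lower()) != ("inbound", "allow"):
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(map(_covers_rdp, ports)) and any(map(_is_internet, sources)):
            hits.append(rule["name"])
    return hits

# Constructed sample in the shape of `az network nsg rule list -o json` (not real data).
SAMPLE = json.loads("""[
 {"name": "RDP", "priority": 300, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "AllowAdminRange", "priority": 310, "direction": "Inbound", "access": "Allow", "protocol": "*", "sourceAddressPrefixes": ["203.0.113.7/32"], "destinationPortRanges": ["22", "3000-4000"]},
 {"name": "AllowVnetRdp", "priority": 320, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "3389"},
 {"name": "AllowHttps", "priority": 330, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"}
]""")
if __name__ == "__main__": print(exposed_rdp_rules(SAMPLE))
```

The function does not evaluate whether a higher-priority Deny rule shadows an Allow; it lists every candidate so each can be reviewed and removed. An empty list means no exported rule still opens RDP to the Internet.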

Step 4: Verify we can connect to the Azure VM via RDP through our n2x.io Network Topology

And we're done! Now we can verify that the Client Device can connect to the Azure VM via RDP through our n2x.io network topology. We connect to the Azure VM via RDP using the 10.254.1.73 IP address assigned by n2x.io IPAM:

Private RDP Connection

Success Access

At this point, any node on your n2x.io network should be able to access the Azure VM. To control access within your n2x.io network topology, you should use Security Policies.

Conclusion

In this guide, we've learned how n2x.io can help to avoid exposing RDP to the Internet. By doing so, organizations can significantly reduce the risk of RDP-related security incidents and protect their systems from ransomware attacks and other forms of exploitation.