WYNTK: Securing Remote Access

Steps:

  • Ensure account lockout enabled (Active Directory, Jump Cloud) after 'x' attempts
  • Enable Remote Desktop but restrict users
  • (Optional) Restrict user permissions on desktop (no admin rights)
  • Install, configure, and mandate Duo for Remote Access (or all logins, UAC, etc)
  • Install, configure RDPGuard (spank IP addresses) - or - 
  • Port forward 65xxx to 3389 - direct to 192.168.yyy.xxx
  • (Optional) Restrict IP access to known networks - or -
  • (Optional) NordVPN Teams with dedicated server and whitelist NordVPN dedicated IP
  • Configure Pulseway to monitor RDPGuard service
  • Use TSPrint for remote printing
  • Use LucidLink for file storage (NAS) and send/receive scans