WYNTK: Securing Remote Access
Steps:
- Ensure account lockout is enabled (Active Directory, JumpCloud) after 'x' attempts
- Enable Remote Desktop but restrict users
- (Optional) Restrict user permissions on desktop (no admin rights)
- Install, configure, and mandate Duo for Remote Access (or all logins, UAC, etc.)
- Install and configure RDPGuard (blocks offending IP addresses) - or -
- Port forward external port 65xxx to 3389, directed to 192.168.yyy.xxx
- (Optional) Restrict IP access to known networks - or -
- (Optional) NordVPN Teams with dedicated server; whitelist the NordVPN dedicated IP
- Configure Pulseway to monitor RDPGuard service
- Use TSPrint for remote printing
- Use LucidLink for file storage (NAS) and send/receive scans
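
An audit of the Windows-native items in the steps above (account lockout, restricted Remote Desktop users, no admin rights, source IP restriction, RDPGuard service running), as an added example that is not part of the original page. The account names, the threshold of 5, the service name and the English firewall group name are assumptions; run it from an elevated PowerShell session on the RDP host.

```powershell
#Requires -RunAsAdministrator
# Added example. Constructed values (assumptions, not from the page):
$AllowedRdpUsers = @('OFFICE-PC\alice', 'OFFICE-PC\bob')   # hypothetical accounts
$MaxThreshold    = 5                                        # stands in for the page's 'x'
$RdpGuardService = 'RdpGuard'                               # assumed service name; confirm with Get-Service
$findings = [System.Collections.Generic.List[string]]::new()

# Account lockout: export the host's local security policy and read LockoutBadCount
# (0 means accounts never lock out). Directory-side lockout is set in AD or JumpCloud.
$cfg = Join-Path $env:TEMP 'secpol-audit.cfg'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$line = Select-String -Path $cfg -Pattern '^LockoutBadCount\s*=\s*(\d+)' | Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue
$threshold = if ($line) { [int]$line.Matches[0].Groups[1].Value } else { 0 }
if ($threshold -eq 0 -or $threshold -gt $MaxThreshold) {
    $findings.Add("Lockout threshold is $threshold (want 1-$MaxThreshold)")
}

# Remote Desktop enabled, but only for the listed users. Well-known SIDs avoid
# localized group names. Members of Administrators can also log on over RDP.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -ne 0) { $findings.Add('Remote Desktop is disabled') }
$rdpUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-555' | Select-Object -ExpandProperty Name)
$admins   = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object -ExpandProperty Name)
foreach ($u in $rdpUsers) {
    if ($u -notin $AllowedRdpUsers) { $findings.Add("Unexpected Remote Desktop user: $u") }
    if ($u -in $admins)             { $findings.Add("Remote Desktop user has admin rights: $u") }
}

# Enabled inbound RDP firewall rules should name specific networks, not 'Any'.
# 'Remote Desktop' is the English display group name (assumption about locale).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') { $findings.Add("Rule '$($_.DisplayName)' allows any source IP") }
    }

# The IP-blocking service that the checklist has Pulseway monitor should be running.
$svc = Get-Service -Name $RdpGuardService -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') { $findings.Add("Service '$RdpGuardService' is not running") }

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'All checks passed' }
```

The script only reads state and prints warnings; it changes no settings.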