Prevent RDP Hacking in 2 Minutes with OTP

4 Shares

Last year when working on my Automation Framework 1909 release I spun up a new lab and enabled port forwarding to be able to access that particular vLAN from home. The reason I got hacked is obvious, weak [email protected] and default port 3389.

Now the scary part is how fast it happened. I’m well aware of the risk and that’s why I enabled the forwarding rule when I started to work that Saturday morning. Less than 3 hours later I was hacked!

Today I never enable RDP access without a 2-Factor Authentication (2FA) solution. You’ll be surprised at how fast and easy it is to setup using Parallels Remote Application Server.

You will need two servers, one being the Gateway and the other being the jump host / worker. You can deploy it all automatically (including software download) using my video instructions from my free Automation Framework Community Edition.

I’m running the infrastructure on Windows 2019 Server Core using 1 vCPU with 2 GB. The only thing you need to do is to register for a Parallels account and replace the info below before running the PowerShell code below.

My worker is running Windows 2019 Server with Desktop Experience using 2 vCPU with 4 GB. Run the following configuration in PowerShell on the Worker.

To active 2-Factor Authentication, open http://INFRASERVERSERVER and logon with the AD account you want to use for remote access. This will display a QR code that you need to scan into your Google or Microsoft Authenticator app.

And that’s it. Parallels is extremely easy and fast to implement and did I mention the price? It’s only $99 per user/year.

4 Shares

2 Responses to Prevent RDP Hacking in 2 Minutes with OTP

Leave a reply