Prevent RDP Hacking in 2 Minutes with OTP


Last year when working on my Automation Framework 1909 release I spun up a new lab and enabled port forwarding to be able to access that particular vLAN from home. I’m well aware of the risk of RDP hacking and that’s why I enabled the forwarding rule when I started to work that Saturday morning.


The reason I got hacked is obvious, weak P@ssw0rd and default port 3389. Now the scary part is how fast it happened. Less than 3 hours later I was hacked!

Today, to prevent RDP hacking, I never enable RDP access without a 2-Factor Authentication (2FA) solution. You’ll be surprised at how fast and easy it is to set up using Parallels Remote Application Server.

You will need two servers, one being the Gateway and the other being the jump host / worker. You can deploy it all automatically (including software download) using my video instructions from my free Automation Framework Community Edition.

I’m running the infrastructure on Windows 2019 Server Core using 1 vCPU with 2 GB. The only thing you need to do is to register for a Parallels account and replace the info below before running the PowerShell code below.

My worker is running Windows 2019 Server with Desktop Experience using 2 vCPU with 4 GB. Run the following configuration in PowerShell on the Worker.

To activate 2-Factor Authentication, open http://INFRASERVERSERVER and log on with the AD account you want to use for remote access. This will display a QR code that you need to scan into your Google or Microsoft Authenticator app.

Activating 2FA to avoid RDP hacking
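What the QR code enrolment sets up, shown as an added example that is not from the original post or from Parallels: the QR code carries a shared secret, and the authenticator app derives a time-based code from it (RFC 6238 TOTP), which the server recomputes and compares. The sketch assumes the common defaults (HMAC-SHA1, 30-second step, 6 digits); `totp`, `verify` and `SAMPLE_SECRET` are illustrative names, and how Parallels RAS checks codes internally is not shown on the page.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as computed by authenticator apps."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", int(at) // step)      # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, window=1, last_used_step=None, step=30):
    """Return the matched time step, or None.

    Accepts +/- `window` steps of clock drift and skips any step that is
    <= last_used_step, so an observed code cannot be replayed.
    """
    now_step = int(at) // step
    for s in range(now_step - window, now_step + window + 1):
        if last_used_step is not None and s <= last_used_step:
            continue
        expected = totp(secret_b32, s * step, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):  # constant-time compare
            return s
    return None

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    matched = verify(SAMPLE_SECRET, code, now)
    print("code", code, "accepted at step", matched)
    replay = verify(SAMPLE_SECRET, code, now, last_used_step=matched)
    print("replay accepted:", replay is not None)
```

A guessed or reused password alone no longer passes, because the second factor changes every 30 seconds and is derived from a secret that never crosses the wire after enrolment.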

And that’s a simple way to prevent RDP hacking. Parallels is extremely easy and fast to implement and did I mention the price? It’s only $99 per user/year.

