Securing RDP

  • Question

  • Hi there,

    I have been testing out the VM features in Windows Azure and got a message from the Windows Azure Abuse team that mentioned some bad traffic had come from an IP address in my subscription. I was very surprised at this as I have only deployed vanilla Windows VMs so far and generally delete them after an hour or so. This raised the question of security for me.

    I started looking into using a certificate to secure the RDP session. However, all of the documentation on the Azure support site refers to using certificates with Roles, and explains about using CSEncrypt and then modifying the ServiceDefinition.csdef.

    I then started looking into how to secure RDP, but all of the documents I find relate to setting up a Remote Desktop Session Host rather than just the basic Remote Administration; also, most are W2008, not W2012.

    Has anyone else looked into this and got any experience they want to share...?

    All help appreciated.

    Kind regards,

    John

     

    Tuesday, January 29, 2013 1:18 PM

Answers

  • Hi,

    I have noticed that I often get a lot of "Access Denied" events in the Windows security logs when I am hosting VMs in Windows Azure. I did a test, and these events started appearing about 45 minutes after the VM was created. Another user on the forums noticed some suspicious activity on a Windows Azure VM.

    I'd guess that these are mostly dictionary attacks using common user names and passwords. If you are not using strong passwords, there is a chance that the VM could become compromised, irrespective of how strong the RDP protocol security is.

    Sandrino Di Mattia has a great blog post on how you can secure virtual machines running in Windows Azure:

    http://fabriccontroller.net/blog/posts/securing-access-to-your-windows-azure-virtual-machines/

    It's well worth reading.

    Regards,

    Alan

    


    Free e-book: Windows Azure Service Bus Developer Guide.

    • Marked as answer by JR Thompson Tuesday, January 29, 2013 4:44 PM
    Tuesday, January 29, 2013 1:54 PM
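
One way to triage the failed-logon entries described in the answer above, as an added example that is not part of the thread or the linked blog post. It assumes the "Access Denied" entries are Security-log event ID 4625; the function names, the threshold and the sample records are constructed for illustration.

```powershell
# Added example, not from the thread. Assumption: the "Access Denied" entries
# are Security-log event ID 4625 (audit failure: an account failed to log on).

function ConvertFrom-FailedLogonEvent {
    # Flatten one 4625 event record into the fields needed for triage.
    param([Parameter(ValueFromPipeline)] $EventRecord)
    process {
        $data = @{}
        foreach ($d in ([xml]$EventRecord.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $EventRecord.TimeCreated
            SourceIp  = $data['IpAddress']
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']  # 10 = RemoteInteractive, 3 = Network (RDP with NLA)
        }
    }
}

function Get-FailedLogonSummary {
    # Group failures by source address. Many distinct user names tried from
    # one address in a short window is what a dictionary attack looks like.
    param([Parameter(Mandatory)] [object[]] $Record, [int] $Threshold = 5)
    $Record | Group-Object SourceIp | ForEach-Object {
        $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
        [pscustomobject]@{
            SourceIp      = $_.Name
            Failures      = $_.Count
            DistinctUsers = @($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique).Count
            FirstSeen     = $times[0]
            LastSeen      = $times[-1]
            Suspicious    = ($_.Count -ge $Threshold)
        }
    } | Sort-Object Failures -Descending
}

# Constructed sample records (documentation addresses) to try the grouping offline.
$t0 = Get-Date '2013-01-29T12:00:00'
$names = 'administrator', 'admin', 'user', 'test', 'guest', 'backup'
$sample = @(0..5 | ForEach-Object {
    [pscustomobject]@{ Time = $t0.AddSeconds(10 * $_); SourceIp = '203.0.113.7'; User = $names[$_]; LogonType = '10' }
})
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(30); SourceIp = '198.51.100.20'; User = 'john'; LogonType = '10' }
Get-FailedLogonSummary -Record $sample | Format-Table -AutoSize

# On the VM (elevated prompt), summarise the real Security log instead:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 2000 | ConvertFrom-FailedLogonEvent
# Get-FailedLogonSummary -Record $live
```

A source address with many failures spread across many distinct user names, starting soon after the VM's RDP endpoint went public, matches the dictionary-attack pattern guessed at above; a single failure for a real account name usually does not.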

All replies

  • Hi Alan,

    Thanks for the response.

    I thought the password was reasonably secure but maybe it needs reviewing.

    Also, thank you for the link to the blog, it is exactly what I am looking for.

    Kind regards,

    John

    Tuesday, January 29, 2013 4:44 PM