Originally posted by SeanT
View Post
-
Windows firewall:Originally posted by Spoiler View Post
RD Gateway on 443 open to the world.
RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.
Normal user access: RD via RD Gateway and Duo
Admin user backdoor: VPN auth with certificate / key, RDP direct to serverLeave a comment:
-
Just trying to figure out exactly how that would work ...Originally posted by SeanT View Post
Spin up a Linux box in Lightsail, and run OpenVPN server on it.
Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
Then, connect to VPN Server from home PC and run RDP over it.
If the admin account was secured with 2FA, then I'm still reliant on that working okay.
If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???Leave a comment:
-
Potential sticking point: https://forums.aws.amazon.com/thread...hreadID=252542Leave a comment:
-
Yep, just install remote desktop gateway on the same server, and set up Duo. I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).Originally posted by Spoiler View PostLeave a comment:
-
This looks interesting, thanks. Will give it a spin. Pretty sure the app i need to use will work with 2012, possibly 2016. Will test it out.Originally posted by Dante View Post
Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...Leave a comment:
-
https://amazonlightsail.com/
Windows Server:
2 GB Memory
1 Core Processor
50 GB SSD Disk
3 TB Data Transfer*
$30 / £22.95 a month
EDIT: It's Windows 2012 and 2016 only,so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).Last edited by Dante; 3 November 2017, 15:54.Leave a comment:
-
BTW Spoiler, just what is the application, could I get it to run in a container for you?
Leave a comment:
Leave a comment: