You may not know it, but as soon as you enable Remote functionality on a Windows machine, you effectively open its RDP ports to the outside world, specifically ports 3389, 3387, 3392. Hence, if your server is directly connected to the Internet, you are vulnerable to RDP brute-force and vulnerability attacks. According to our own study, a Windows device directly connected to the Internet is prone to hundreds of thousands of password attempts every week, performed by automated bots, scripts, viruses and zombie machines. RDP exploits are also part of the equation, with vulnerabilities such as BlueKeep.
Cameyo's RDP Port Shield feature is a unique, dynamic firewall feature which addresses this threat by closing RDP ports at the Windows Firewall level, and then opening them specifically to authenticated users if / when needed. It works by creating and managing in real-time an RDP white-list firewall rule on the server.
The RDP Port Shield functionality can be configured on your Cameyo's server page. It is enabled by default:
You can add a list of comma-separated IP addresses that always need to be allowed through. In most cases this is not necessary, as even administrative access is dynamically allowed when needed, as explained below. Changing this setting requires a service restart. This can be done using the "Restart service" button.
RDP Port Shield mechanism works in 3 phases:
In the below example, Cameyo's Port Shield has disabled built-in RDP allow rules. It added its own rule with placeholder 255.255.255.254 address.
Following a portal-authenticated direct RDP session request, Port Shield has added authorization for the RDP connections coming from the 37.189.xxx.xxx address:
This access permission will be cleared up upon the next Cameyo service restart within a few hours, bring it back to pre-white-listed IP addresses only: