Did you know that a sixteen-letter password is considered unhackable? And what is more expensive: the server or the information stored on it (or was stored on it)? We decided to write a short article that is probably the most useful one for many people, especially if you are just starting out as a system administrator.
The advice to change the standard RDP port 3389 to some other port has not been relevant for several years: programs like zmap/nmap allow anyone to scan all IP addresses on the Internet within a day and find out which ports are open on your device.
Next, a standard brute-force attack is launched.
If the standard Administrator login is used, it’s only a matter of time before the workday starts with the message “Your data is encrypted, transfer $500 to your cryptocurrency wallet” (in some cases, this message can be seen within a month).
For example, in 2020 during the lockdown, it was discovered through monitoring of current threats that the number of network nodes accessible via the Remote Desktop Protocol (RDP) increased by 9% to over 112,000 in just three weeks.
This research was conducted using the same methods that hackers use to scan the Internet, which has only fueled cybercrime, especially when most system administrators leave the default port for RDP connections at 3389 and the login “Administrator” for remote desktop connections.
There are many ways to protect an RDP server, and all of them are effective: SSH, VPN, and access by electronic digital signature. But all of these methods share a common disadvantage: when you need quick access from a phone or from a computer in a co-working space, none of them lets you connect quickly, if only because you are unlikely to be allowed to install additional software on equipment that does not belong to you.
It is also worth considering that you do not always have the opportunity and means to purchase the necessary additional equipment and software.
At the same time, if you refer to the research conducted by Verizon in 2020 on RDP hacking statistics, it turns out that 80% of hacks are not related to vulnerabilities in the RDP protocol itself, but to the combination of simple passwords and standard logins.
If the task is to create the simplest and most effective protection that may take decades to crack even with a standard login, we recommend using a complex but maximally effective password.
For example, the password Wdd6sasRT92113Es is very hard to remember, but it will take about 100 trillion years to crack it. That’s enough time for you.
As for the login, of course, it should not be a standard one such as administrator or accountant. According to statistics, however, most hacks are in some way related to data leakage from former employees: to find out what logins are used in the organization, it is enough to look at the list of employees in Task Manager, where each name is an account login. (Even if you have prohibited non-administrators from launching Task Manager, a user can still right-click the RDP icon and select “Change” to find out the login.)
That’s why it’s enough to use a person’s last name or a combination of job title and, for example, office number or first name in one word.
This approach will not help in any way against login browsing but will make it practically impossible to find a login/password pair, provided there is no data leakage.
To finally exclude the possibility of hacking, limit the number of password attempts to three, or at most five, and when the limit is exceeded, block the user for a week (approximately 9000 minutes). Unblocking by the administrator takes a few seconds, but the lockout is more than enough to detect a hacking attempt, and you will know exactly who tried to hack and whom to ask about the detected login.
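
One way to apply the lockout settings above on a standalone Windows host and then see which logins are being guessed, as an added example that is not part of the original article. The 24-hour review window and the list of default names checked are assumptions, and the event queries assume that failed-logon and account-management auditing are enabled.

```powershell
# Run in an elevated PowerShell session on a standalone Windows RDP host.
# On a domain-joined machine the domain's lockout policy takes precedence.
$Threshold = 3      # failed attempts before lockout (article: three, at most five)
$Minutes   = 9000   # lockout length in minutes (the article's figure)

# 1. Set the local lockout policy. The counting window may not exceed the
#    lockout duration, so both are set to the same value.
net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$Minutes" "/lockoutwindow:$Minutes"
net accounts        # print the resulting policy to confirm it

# 2. Flag enabled local accounts that still use a standard login.
#    The built-in Administrator account always has a SID ending in -500,
#    even after it has been renamed. The name list is an assumption.
$defaultNames = 'Administrator', 'Accountant'
Get-LocalUser |
    Where-Object { $_.Enabled -and ($_.SID.Value -like '*-500' -or $_.Name -in $defaultNames) } |
    Select-Object Name, SID, LastLogon

# 3. Summarise failed logons (Security event 4625) from the last 24 hours
#    by targeted login and source address.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the event's named data fields instead of relying on positions.
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{ Login = $d.TargetUserName; Source = $d.IpAddress }
    } |
    Group-Object Login, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20

# 4. List accounts that were actually locked out (event 4740) in that period.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Login'; e = { $_.Properties[0].Value } }
```

Step 3 shows guessing against logins that do not exist as well as real ones, while step 4 lists only real accounts that reached the threshold and now need an administrator to unblock them.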