Hello all,
I have a virtual environment:
One ESXi with one pfSense VM that is used as my core. I also have a WRK (Work) VM that runs W10.
pfSense has a WAN (the public IP the server provider gave me) and one LAN /24 (the one I created on pfSense).
All this environment is hosted in the cloud, so whenever I want to access the W10 VM or any other Debian VM, I usually go through the VPN, and it works perfectly. But sometimes I'm on another computer (a friend's, my wife's, or even a work computer) and I cannot simply install OpenVPN on those computers.
So I decided to do a port translation of RDP going to my W10 WRK VM, so the port I use to reach my VM is not the default RDP port 3389. The thing is that I'm very, very uncomfortable with having an RDP port open to the internet without any filtering based on the source IP or the MAC.
I don't really know what is best in this situation. Choosing comfort over security is not very safe, but maybe there's something I can do so that I can EASILY access a VM via RDP from any computer and still be safe?
I thought about adding MAC filtering, but pfSense is only an L3 firewall, so it will not care about any of the L2 stuff.
After that I thought about setting up an IDS/IPS (Suricata) that would block IPs after too many attempts, but that causes the problem that when I try to reach my infrastructure from a new public IP, I'll get my IP banned. Maybe the solution is to have a less restrictive set of rules?
I did a translation and not a plain forward of the RDP port so that it is not the default 3389, but still, someone who port-scans my public IP will be able to see that port open.
So my questions are:
Is it safe to have RDP ports open on the internet (I'm 99% sure that it's not), and if not, what could be the best solution to my problem? Is there a way to do that without configuring an entire IDS/IPS like Suricata, or is this the only solution? :)
Thank you a lot for your time!
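Added example, not part of the original post and not pfSense's or Suricata's own code: the "block an IP after too many failed attempts" logic the post considers, written in Python and run over constructed Windows Security log records (Event ID 4625 failed logon, 4624 successful logon, logon type 10 for RDP). It shows the three things a practitioner wants from such a rule before exposing RDP: a sliding time window so slow guessing and old failures are judged separately, a reset of the failure count when a source logs on successfully, and an allowlist for addresses that must never be banned. It also demonstrates the lockout the post worries about: with the threshold set too low, the owner's two typos from a brand-new public IP get that IP banned. All addresses, account names, timestamps and the class and function names are constructed assumptions for this example.

```python
"""
Fail2ban-style RDP brute-force detector over Windows Security events.
Added example; all log records below are constructed sample data.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

FAILED_LOGON = 4625     # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624    # Windows Security: an account was successfully logged on
LOGON_TYPE_RDP = 10     # RemoteInteractive (RDP)

BASE = datetime(2024, 1, 1, 12, 0, 0)


def _t(seconds):
    """Timestamp `seconds` after the constructed start time."""
    return BASE + timedelta(seconds=seconds)


# Constructed records: (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = sorted([
    # A scanner on the forwarded port: six wrong passwords in under a minute
    *[(_t(10 * i), FAILED_LOGON, LOGON_TYPE_RDP, "203.0.113.7", "Administrator") for i in range(6)],
    # A slow guesser: one failure every 15 minutes never fills a 10-minute window
    *[(_t(900 * i), FAILED_LOGON, LOGON_TYPE_RDP, "192.0.2.9", "admin") for i in range(5)],
    # The owner from a new public IP: two typos, then the correct password
    (_t(60), FAILED_LOGON, LOGON_TYPE_RDP, "198.51.100.20", "wrk"),
    (_t(70), FAILED_LOGON, LOGON_TYPE_RDP, "198.51.100.20", "wrk"),
    (_t(80), SUCCESS_LOGON, LOGON_TYPE_RDP, "198.51.100.20", "wrk"),
    # An allowlisted address that fails a lot but must never be banned
    *[(_t(5 * i), FAILED_LOGON, LOGON_TYPE_RDP, "203.0.113.200", "wrk") for i in range(7)],
    # A non-RDP failure (network logon, type 3) that this detector ignores
    (_t(30), FAILED_LOGON, 3, "203.0.113.50", "guest"),
], key=lambda e: e[0])


class RdpBruteForceDetector:
    """Bans a source after `threshold` RDP failures inside a sliding `window`."""

    def __init__(self, threshold=5, window=timedelta(minutes=10), allowlist=()):
        self.threshold = threshold
        self.window = window
        self.allowlist = [ip_network(n) for n in allowlist]
        self.failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
        self.banned = {}                     # source_ip -> timestamp of the ban

    def _allowlisted(self, src_ip):
        addr = ip_address(src_ip)
        return any(addr in net for net in self.allowlist)

    def process(self, ts, event_id, logon_type, src_ip, account):
        """Feed one event in chronological order; return 'ban' if it triggered a ban."""
        if logon_type != LOGON_TYPE_RDP or self._allowlisted(src_ip):
            return None
        if event_id == SUCCESS_LOGON:
            # A correct password from this source wipes its failure history,
            # so a legitimate user who mistypes a couple of times is not banned later.
            self.failures.pop(src_ip, None)
            return None
        if event_id != FAILED_LOGON:
            return None
        recent = self.failures[src_ip]
        recent.append(ts)
        # Drop failures that fell out of the sliding window
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold and src_ip not in self.banned:
            self.banned[src_ip] = ts
            return "ban"
        return None

    def run(self, events):
        """Process all events; return the banned source IPs, sorted."""
        for event in events:
            self.process(*event)
        return sorted(self.banned)


def detect(events, threshold=5, window_minutes=10, allowlist=("203.0.113.200/32",)):
    """Convenience wrapper: run the detector with the given policy and return banned IPs."""
    detector = RdpBruteForceDetector(threshold, timedelta(minutes=window_minutes), allowlist)
    return detector.run(events)


if __name__ == "__main__":
    print("threshold 5 / 10 min:", detect(SAMPLE_EVENTS))
    print("threshold 2 / 10 min:", detect(SAMPLE_EVENTS, threshold=2))
    print("threshold 5 / 60 min:", detect(SAMPLE_EVENTS, window_minutes=60))
```

With the default policy only the scanner is banned; the owner's two typos from a new IP are wiped by the successful logon, the slow guesser never has five failures in one window, and the allowlisted address is never touched. Lowering the threshold to 2 reproduces the lockout the post describes, and widening the window to 60 minutes catches the slow guesser. The detector only observes events; in a real deployment the "ban" result would feed a firewall alias or a pf table on the firewall, and the event source would be the Windows Security log of the RDP host rather than a constructed list.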