VPS Windows Server 2008 R2 RDP security issue, need help!

System: VPS Windows Server 2008 R2 at a remote location, directly exposed to the internet.

Administration is possible only via Remote Desktop.

I cannot disable & replace the default administrator account with a different username... which means I get a lot of brute force attacks.

I created rules in the firewall to limit the scope of the remote IP addresses, even limited the scope of the RDP rules down to my client IP address only. I tested the rules by trying to access the VPS server from a wifi hotspot (Starbucks was useful for once) and indeed I was not able to RDP into my server.

Yet I still find IP addresses based in Nigeria, China, Taiwan, Iran and so on in the event log under audit failures.

I didn't want to limit the IP scope, because if my ISP changed my IP address, I'd lose access to my VPS server... then again, why are the Nigerians still getting in?

Anyway, is there a way to replace the username and password login with a public/private key method like it is under Linux? Or is there perhaps a better solution?

Hope someone can help.

Thank you in advance! 

Paolo

February 17th, 2015 7:20pm
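The audit failures the original poster mentions are Security event ID 4625 on Windows Server 2008 R2. The following script is an added example, not code from the thread; it summarises those failures by remote address so you can tell whether a scoped RDP rule is actually holding (after scoping, any source other than your own client address means some other inbound rule is still letting traffic through). It only uses Get-WinEvent and XML parsing available in the PowerShell 2.0 that ships with 2008 R2; the 24-hour window is an arbitrary choice.

```powershell
# Added example (not from the thread): count logon audit failures
# (Security event ID 4625) in the last 24 hours by source IP address.
# Run from an elevated PowerShell prompt on the server.

function Get-LogonFailureSummary {
    param([int]$Hours = 24, [int]$Top = 20)   # window and list length are assumptions

    $since = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                           -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # The interesting fields live in the EventData section of the event XML
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Time      = $e.TimeCreated
            User      = $data['TargetUserName']
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']   # 10 = RemoteInteractive (RDP), 3 = network (NLA pre-auth)
        }
    }

    # Drop events with no usable source address ('-' is what the log records for local failures)
    $rows | Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' } |
        Group-Object SourceIp | Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

Get-LogonFailureSummary | Format-Table -AutoSize
```

If the list still contains addresses you never connect from after scoping the RDP rule, go through the other enabled inbound rules rather than the RDP rule again; the thread later shows exactly that kind of stray rule being the cause.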

Port 3389 (RDP) is commonly probed on the internet. A poor man's effort might be to move RDP to a non-standard port; I'd recommend using a port translation rule on your router/firewall though. This is by no means a secure method though!

I'd highly recommend running a VPN, with nice long secure keys, and closing RDP to the outside world altogether. If it is public facing, close as many ports as is humanly possible. Limit the attack surface.

February 18th, 2015 9:25am

Thanks for your reply.

VPN would work if my VPS provider didn't prevent installing a separate NIC for the VPN.

Thanks anyway!

February 19th, 2015 11:04am

So, your suggestion gave me an idea.

First I discovered why the Nigerians could keep getting in... a rule for uTorrent opened everything...! That rule is gone now.

The idea is as follows: lock RDP to the one IP address I use, but install an SSH server open to any IP address that mandates key-pair-based logon only, using a public/private key pair that obviously only I have.

Brute force will never work on a key-pair-only login shell. Let them try it if they want. (Assuming nobody manages to crack my home network and steal my files :-)

If my ISP changes my IP address, I can log in via SSH and modify the firewall rule (which I tested already).

Of course this works for people like me who just have a VPS server for personal use, with very clear knowledge of which IP address they access their server from.

Anyway... hahahah, take this, Nigerians & Co. hackers!

Ok thanks for your inspiring suggestion!
February 20th, 2015 6:58pm
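The procedure in the post above (scope the RDP rule to one client address, hunt down any other rule still open to the world, and keep SSH as the key-only back door for changing the rule when the home IP moves) can be scripted. The script below is an added example, not the poster's own commands. It assumes the built-in inbound rule is still named "Remote Desktop (TCP-In)" and that the SSH server reads an OpenSSH-style sshd_config; both are assumptions to check against your setup. It uses netsh advfirewall because that is what Server 2008 R2 provides (the NetSecurity cmdlets only arrived with Server 2012).

```powershell
# Added example, not code from the thread. Assumed: rule name "Remote Desktop (TCP-In)",
# OpenSSH-style sshd_config. Run from an elevated prompt (or over the key-only SSH session).

# 1. Scope the RDP rule to a single client address or CIDR block.
function Set-RdpAllowedClient {
    param([Parameter(Mandatory=$true)][string]$ClientIp)

    # Accept only an IPv4 address or CIDR block, so a typo cannot widen the rule back to "any"
    if ($ClientIp -notmatch '^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$') {
        throw "Refusing to apply '$ClientIp': not an IPv4 address or CIDR block"
    }
    # "new remoteip=" replaces the rule's remote scope rather than adding to it
    netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new remoteip=$ClientIp
    if ($LASTEXITCODE -ne 0) { throw "netsh failed to update the RDP rule" }
}

# 2. List enabled inbound rules still open to any remote address.
#    This is the check that would have caught the uTorrent rule the poster found.
function Get-OpenInboundRules {
    $text = netsh advfirewall firewall show rule name=all dir=in | Out-String
    # netsh prints one block per rule, blocks separated by a blank line
    $blocks = $text -split '\r?\n\s*\r?\n'
    foreach ($b in $blocks) {
        if ($b -match 'Rule Name:\s+(.+)') { $name = $matches[1].Trim() } else { continue }
        $enabled   = $b -match 'Enabled:\s+Yes'
        $anyRemote = $b -match 'RemoteIP:\s+Any'
        if ($enabled -and $anyRemote) {
            if ($b -match 'LocalPort:\s+(\S+)') { $port = $matches[1] } else { $port = '?' }
            New-Object PSObject -Property @{ Rule = $name; LocalPort = $port }
        }
    }
}

# 3. On the SSH side, "key pair only" in an OpenSSH-style sshd_config means:
#        PubkeyAuthentication yes
#        PasswordAuthentication no
#        ChallengeResponseAuthentication no
#    Restart the SSH service after editing, and confirm from another machine that a
#    password prompt is never offered before you rely on it.

# Usage (203.0.113.5 is a constructed documentation address, not a real client):
Set-RdpAllowedClient -ClientIp '203.0.113.5'
Get-OpenInboundRules | Format-Table -AutoSize
```

Get-OpenInboundRules reports every enabled inbound rule whose remote scope is "Any", including the SSH rule you deliberately leave open; the point is that the list should contain nothing you cannot name. When the home IP changes, log in over SSH and call Set-RdpAllowedClient with the new address, exactly the manual step the poster tested.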

Anything else we can help with?
March 5th, 2015 10:32am
