The Remote Desktop Protocol (RDP) in its default configuration is vulnerable to certain types of attacks. To increase the security of RDP connections to your cloud server, Intermedia recommends:

Restricting access to the 3389 port

To allow RDP connections only from certain IP addresses, create rules in the HostPilot® Control Panel. The first rule allows access to a Cloud Server from an IP address, while the second one denies access from all other addresses. Note that each IP address requires a separate rule.

To create a rule, navigate to HostPilot > Services > Cloud Services > Firewall > Add New Rule.

To create a rule to allow access:

  • Rule Name: Enter the name of the rule.
  • Traffic Direction: Incoming
  • Protocol: TCP
  • Source: Host (if you want to add a single IP address); Subnet (if you want to add a subnet); IP Range (if you want to add a network with sequential IP addresses)
  • Source Host/Subnet/IP Range: Enter the IP address(es).
  • Source Port: Should be left blank
  • Destination: Host (if you want to add a single cloud server); Subnet (if you want to add a subnet); IP Range (if you want to add a cloud server network with sequential IP addresses)
  • Destination Host/Subnet/IP Range: Select the cloud server or enter the IP address(es).
  • Destination Port: 3389
  • Action: Allow
  • Enabled: Yes

To create a rule to restrict access:

  • Rule Name: Enter the name of the rule.
  • Traffic Direction: Incoming
  • Protocol: TCP
  • Source: Any (0.0.0.0/0)
  • Source Port: Should be left blank
  • Destination: Host (if you want to add a single cloud server); Subnet (if you want to add a subnet); IP Range (if you want to add a cloud server network with sequential IP addresses).
  • Destination Host/Subnet/IP Range: Select the cloud server or enter the IP address(es).
  • Destination Port: 3389
  • Action: Deny
  • Enabled: Yes

Read the Knowledge Base article on How Do I Manage Firewall for Cloud Server Network in HostPilot? for more information.
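
The allow/deny pair described above can be checked offline before it is relied on. The following is an added example, not Intermedia's code and not a HostPilot API: the dictionary keys, rule names and sample addresses are constructed, sources are written in CIDR form (the IP Range source type is not modelled), and the 256-address threshold for a "wide" allow rule is an assumption to adjust.

```python
import ipaddress

RDP_PORT = 3389
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample rule set; keys mirror the firewall form fields above.
# 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
RULES = [
    {"name": "rdp-office", "direction": "Incoming", "protocol": "TCP",
     "source": "203.0.113.10/32", "dest_port": 3389, "action": "Allow", "enabled": True},
    {"name": "rdp-branch", "direction": "Incoming", "protocol": "TCP",
     "source": "198.51.100.0/28", "dest_port": 3389, "action": "Allow", "enabled": True},
    {"name": "rdp-deny-all", "direction": "Incoming", "protocol": "TCP",
     "source": "0.0.0.0/0", "dest_port": 3389, "action": "Deny", "enabled": True},
]

def rdp_rules(rules, action):
    """Enabled incoming TCP/3389 rules with the given action, as (name, network)."""
    return [(r["name"], ipaddress.ip_network(r["source"]))
            for r in rules
            if r["enabled"] and r["direction"] == "Incoming" and r["protocol"] == "TCP"
            and r["dest_port"] == RDP_PORT and r["action"] == action]

def audit(rules, max_hosts=256):
    """Return a list of findings; an empty list means the rule pair is as intended."""
    findings = []
    allows, denies = rdp_rules(rules, "Allow"), rdp_rules(rules, "Deny")
    if not any(net == ANY for _, net in denies):
        findings.append("no enabled deny rule for 0.0.0.0/0 on port 3389")
    for name, net in allows:
        if net == ANY:
            findings.append(f"{name}: allow rule exposes 3389 to any source")
        elif net.num_addresses > max_hosts:
            findings.append(f"{name}: allow source {net} covers {net.num_addresses} addresses")
    if not allows:
        findings.append("no enabled allow rule: RDP is unreachable from everywhere")
    return findings

def covered_by_allow(rules, src_ip):
    """True if src_ip falls inside the source of an enabled allow rule for 3389."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for _, net in rdp_rules(rules, "Allow"))

if __name__ == "__main__":
    print(audit(RULES) or "rule set OK")
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.50"):
        print(ip, "covered" if covered_by_allow(RULES, ip) else "not covered")
```

Run it against an export or hand-typed copy of your own rules; a disabled or missing deny rule and an allow rule with source Any are the two mistakes that leave port 3389 exposed.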

Using VPN

VPNs provide security through tunneling protocols and security procedures such as encryption. To secure an RDP connection, a VPN tunnel must be created between your local network (firewall) and the cloud server network (firewall).

To create a VPN tunnel, navigate to HostPilot > Services > Cloud Services > VPN > Add New VPN Tunnel.

  • Tunnel Name: Enter the name of the tunnel.
  • Description: Add a description if necessary.
  • Peer IP: Enter the external IP of the VPN endpoint/appliance.
  • Peer Gateway: Enter the gateway IP of the remote peer subnet.
  • Peer Subnet Mask: Enter subnet mask of the remote peer subnet.
  • Encryption Protocol: Select desired encryption protocol:
    • AES
    • AES-256
    • 3DES
  • Shared Secret: Enter the secret following the requirements or click Generate.
  • MTU: Specify the maximum transmission unit.
  • Open VPN Tunnel: Use the option Open VPN Tunnel to create a tunnel for the entire private network, i.e. for all of your Cloud servers. If this option is not selected, a VPN tunnel is created for one Cloud server only.

Read the Knowledge Base article on How to Create and Manage VPN Tunnels for more information.