Implementing Microsoft RDP Two-Factor
If you’re like me, chances are you have a server environment at home for testing and for learning. I have a physic dedicated server at my house running Server 2012 and hosting a Hyper-V environment. The server, for the most part, is headless, no keyboard, mouse or monitor hooked to it normally. Remote Desktop is essential to being able to manage the server. Since much of my testing and tinkering is done from outside of my home network, I reluctantly have the RDP service open to the outside world. Granted, I have changed the default port and I use a Yubikey to input my super-long password to access the server, there was still something about having it accessible from online that left me uneasy.
Last year at GrrCON InfoSec conference, I spoke with a couple of people at the Duo Security booth about their two-factor authentication system, as two-factor was something that was peaking my interest at the time. They seemed to have a solid system, but unfortunately it wasn’t until just last week that the company pop’d back up on my radar, after seeing them as a sponsor for GrrCON again this year.
I signed up for an account at their website, duosecurity.com, which was quick, easy, and free. After signing up, I looked through their list of services, two of them caught my eye, Microsoft RDP and WordPress.