As systems administrators, we are often tasked with implementing countermeasures to mitigate risks that we can’t completely address. This post covers methods of reducing the risk presented by having Remote Desktop Services (formerly Terminal Services) available on the network.

The risks that I will cover are:

- Man-in-the-Middle attacks
- Sniffing / Traffic capture
- Brute Force Attacks
- Information Disclosure

This post was updated 2019.05.28 to fix broken links, add commentary for Windows 2016 and Windows 2019, and add instructions for enabling CredSSP for WinXP as a client since the Microsoft link is dead.