
Remote Desktop, simple small business example

A small business sought a cost-effective, secure remote access solution for their remote desktop servers.
They relied on a Linux-based edge firewall, using port forwarding to direct RDP traffic to internal machines. Although they utilized high, non-standard ports, these were frequently discovered, leading to daily brute-force attacks. As a result, internal Windows systems remained exposed at the network layer, vulnerable to any zero-day RDP exploits.

The goal:
Implement just-in-time network access controls for these RDP port forwards, without introducing a VPN – a solution that could add complexity and potential vulnerabilities.

The result:
Knocknoc was deployed on the existing Linux firewall to dynamically manage trusted IP addresses using IPSets. This approach effectively eliminated the network attack surface, and brute-force attacks naturally ceased as they were no longer possible.

This also introduced MFA to the RDP process, as the small business utilised Office 365 (Entra). That added another layer of authentication security to their remote desktop environment and closed notable compliance risks.

Technical how:

There are a number of ways to protect Remote Desktop (RDP) using Knocknoc. These include firewall orchestration or reverse proxying/brokering. 

In this example an existing IPTables firewall was already in use, so leveraging IPSets made sense, resulting in a high-performance dynamic configuration.
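
The IPSet-gated port forward described above, as an added example (not Knocknoc's own configuration or code): the forward matches only source addresses present in a set, and a grant adds an address with an expiry. The set name, interface, port and addresses are constructed placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: RDP port forward that only matches sources in an ipset.
# Set name, interface, port and addresses are constructed placeholders.
SET=rdp_trusted RDP_HOST=192.168.10.20   # assumed set name / internal server
WAN_IF=eth0 PUB_PORT=33890               # assumed WAN interface / external port
DRY_RUN=${DRY_RUN:-1}                    # 1 = print commands, 0 = apply (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# One-time setup. Without the "-m set" match this is the exposed forward.
setup_gate() {
  # Default timeout: a forgotten grant expires instead of lingering.
  run ipset create "$SET" hash:ip timeout 3600 -exist
  run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PUB_PORT" \
    -m set --match-set "$SET" src -j DNAT --to-destination "$RDP_HOST:3389"
  run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$RDP_HOST" --dport 3389 \
    -m set --match-set "$SET" src -j ACCEPT
  # Defence in depth: nothing else from the WAN reaches the RDP host.
  # If an earlier rule accepts ESTABLISHED traffic, sessions already open
  # outlive an expired entry; only new connections are gated.
  run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$RDP_HOST" --dport 3389 -j DROP
}

# Strict dotted-quad check so nothing but an IPv4 address reaches ipset.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Grant: the step an orchestrator performs after the user authenticates.
grant() {  # usage: grant <client-ip> <ttl-seconds>
  valid_ipv4 "$1" || { echo "rejected address: $1" >&2; return 1; }
  case "$2" in ''|*[!0-9]*) echo "rejected ttl: $2" >&2; return 1 ;; esac
  run ipset add "$SET" "$1" timeout "$2" -exist
}

revoke() {  # usage: revoke <client-ip>
  valid_ipv4 "$1" || return 1
  run ipset del "$SET" "$1" -exist
}

setup_gate
grant 203.0.113.7 900   # constructed client address, 15-minute grant
```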

However, Knocknoc has also been deployed in conjunction with Apache Guacamole, creating a seamless, high-security, web-based / in-browser RDP (SSH/VNC) experience.