Both the campus firewall and our EECS firewall block commonly-vulnerable Microsoft ports from the outside world, but we are not blocking access to port 3389, Remote Desktop Protocol (RDP). This leaves RDP open to brute force attacks, and is responsible for many EECS Windows account lockouts. It is considered poor security practice to expose RDP to the internet.
Beginning February 20, we will be blocking RDP connections from off-campus at the EECS border; RDP connections to devices on the IRIS networks from campus networks, including the campus VPN, will not be blocked. So, if you wish to make a Remote Desktop connection to a machine on the IRIS networks, then you should first establish a campus VPN connection.
An exception to the RDP block will be the department Windows Terminal Server, winterm.eecs — Remote Desktop connections to winterm.eecs will not be blocked, so no VPN connection is necessary. Software on winterm.eecs will help mitigate brute force attacks.
To summarize, as of February 20:
* VPN users will still have the same access to their remote desktops.
* Access to winterm.eecs will not change.
* Users who use RDP to other devices on our network from off-campus will need to use VPN first.
See also:
* The campus VPN service