Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

SecureRDP

Introduction

2X is already known by their products like 2X Application Server, 2X Thinclientserver and 2X Load Balancer and their very completive pricing of these products. With SecureRDP 2X even have a Freeware product. Like more products this product comes originally from Terminal-Services.net company, which was acquired by 2X some time ago.

With SecureRDP you can add an addition layer of security to your (Terminal) Servers by filtering connections to the server before a user will be presented with a login screen.




Installation

Like most 2X product the installation file is relatively small and the installation it selves is straight on. The only parameter that needs to be specified is the destination directory where the program needs to be stored. The software need to be installed on every server you would like to use the utility. SecureRDP can be installed on a Windows 2000 or Windows 2003 server with Remote Administrator or Application mode. The product can thus be installed on all your servers for example to add additional security to your SQL or Exchange servers. This version also support connection made to Citrix Presentation Server. After installation a reboot is required

Configuration

After the reboot you can start the utility out of the start menu. SecureRDP has set of four filters available. The connections can be filter bases on IP address (ranges), Computer name, MAC address and Client version. This filters can be combined in one configuration or you can just use one filters.

Using the IP address filter you can filter on IP address or a range of IP addresses. Each rule can be given the action Logon enabled or Logon disabled. Like every filter you can allow access by default using the checkbox or use the default setting that logons are disabled except the specified rules.

Image

Using the computer name filter the same options are available as in the IP address filter. Computer names can be specified using wildcards. In this way you can add ranges (useful if you have a standard naming convention of your clients).

When using MAC address filtering you need to specify each MAC address in the console.  The last filter is based on the client version of the RDP client. The list of version number is not complete up-to-date and Citrix clients are not mentioned at all.

Additional more security

As additional layer you specify some options that are on top of the filter features mentioned above. The first additional option is time restriction. With time restrictions you can in a basic way allow or disallow connections on a day by day basis. You can also specify a timeframe, but this timeframe is for all days only. Also this option is for every connection (except administrators sessions).

Secondly you can configure session restrictions based on IP address or username. The first method is configuring a default setting for all sessions and specify exceptions. Or you only specify special settings for some IP addresses or username and do not specify a default configuration. Additional options are not counting disconnected session, reset disconnections and ignore administrator sessions.

Image

In the tools section are the last features of the product. Here you can configure the messaged displayed when a connection is refused to your own needs (one message per filter possible), active a logfile (in the text file  the refused connections are displayed) and the filtering logic (AND or OR logic for the several filters). There is also a possibility to add servers, this component shows the connections to servers and the state of these connections. 

Applying configuration

When you have configured your SecureRDP settings they need to be applies using the Apply Configuration button. The settings are than configured on that particular server. There is no possibility to apply the settings to another server out of the console. You can save the configuration into a file. This file can be loaded into a console on another server, followed by the apply configuration step. It's a pity that this must be done manually on every server.

When you applied the configuration the settings are directly active. When there is filter rule match the configured message is displayed before the login screen is displayed (in this way your domain- or computer name are nit viewable).

Image

Conclusion

SecureRDP is nice security addition to your servers. The filters are easy to configure and the most are useful. Also it's nice that you the messages pop-up before the login screen is displayed and the messages can be adjusted to your needs. A nice feature is also that you can use the product when users connect with the Citrix ICA protocol.

However the product is not maintained active. The RDP client versions are not up to date and the small online manual is still from Terminal-Services.Net. Also the included readme text file is mentioning that the product is shareware and can be used just for 30 days.