Ask HN: Virtual Desktop is a hacker tool?

4 points by jqpabc123 ↗ HN
Windows and Linux remote/virtual desktop products are readily available from multiple providers.

How do you defend against hackers using these to attack your SaaS server? You can't block a single IP because they are dynamic. You can't block the address range because some IPs are legitimate users.

4 comments

[ 0.18 ms ] story [ 17.6 ms ] thread
> How do you defend against hackers using these to attack your SaaS server?

This is a broad question. There are multiple ways to defend, besides basic security like firewalls. Blocking nefarious IPs or domains only gets you so far, as something will slip through the cracks. Try reading this: https://opsec101.org/

Thanks but that doesn't really help.

They keep trying to brute force a login. I block them after too many attempts but they just switch to a different IP in the same address range assigned to MS Virtual Desktop.

As explained in the original post, blocking an individual IP is ineffective and blocking the entire range is impractical because other legitimate customers use Virtual Desktop too.

Instead of exposing them directly to the Internet, have them bind only to localhost. Then run an SSH server so that people can tunnel through it to the ports, and prevent brute force logins by configuring the SSH server to only use public-key authentication.
I don't think this is practical for the customer base I have.

I was hoping to avoid it but 2FA looks like the most reasonable solution.