sordidarchetype wrote:
hellow533 wrote:
I also noticed this; however, it limits users, as they cannot access all internal network resources.
Users should still be able to transfer clipboard data seamlessly and share serial and peripheral devices to the host (I believe this all requires ActiveX controls).
As far as I know, unless I'm mistaken, they cannot share peripheral devices to the host through a tunnel, they can only access whatever they are tunneling to, whereas with a standard remote desktop connection they can access all other devices on the network. I believe SSH is what supports that. I believe I read he is using Windows 2008 server, which supports both SSH and IPSec.
With IPSec, there are two modes. Tunnel mode encrypts the entire IP packet, protocol data, and payload. Transport mode just encrypts the transport layer (TCP, UDP, ICMP).
However, I believed this was beyond OP's comprehension. I told him to just make a blacklist. Attackers are added to the blacklist when there are x failed entries to the network within x amount of time. They would then have to be removed manually. That means they cannot just run a bunch of guesses on the network and move on, but would be limited to, let's say, 5. 5 attempts within x minutes = IP ban from the network. Even with multiple attackers from multiple botnets, each botnet would then be banned after so many failures.
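The ban rule described in the post (5 failures from one IP within a window, then a ban that only an admin can lift), as an added example that is not code from the thread; the 10-minute window, the log-line format and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class LoginBlacklist:
    """Per-IP failed-login counter over a sliding window; once `threshold` failures
    fall inside `window` the IP is banned until unban() is called by hand."""

    def __init__(self, threshold=5, window=timedelta(minutes=10)):
        self.threshold = threshold           # 5 attempts, as in the post
        self.window = window                 # assumed value for the post's "x minutes"
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned = {}                     # ip -> time the ban was applied

    def record_failure(self, ip, when):
        """Record one failed attempt; return True if the IP is (now) banned."""
        if ip in self.banned:
            return True
        q = self.failures[ip]
        q.append(when)
        while q and when - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.banned[ip] = when
            del self.failures[ip]
            return True
        return False

    def unban(self, ip):
        """Manual removal is the only way off the list (no automatic expiry)."""
        self.banned.pop(ip, None)

def process_log(lines, blacklist=None):
    """Feed constructed 'ISO-timestamp RESULT ip' lines through the blacklist."""
    bl = blacklist or LoginBlacklist()
    for line in lines:
        ts, result, ip = line.split()
        if result == "FAIL":
            bl.record_failure(ip, datetime.fromisoformat(ts))
    return bl

# Constructed sample log: 10.0.0.5 fails 5 times in two minutes (banned),
# 10.0.0.9 fails 5 times spread over an hour (never 5 inside one window).
SAMPLE_LOG = [
    "2024-01-01T10:00:00 FAIL 10.0.0.5", "2024-01-01T10:00:20 FAIL 10.0.0.5",
    "2024-01-01T10:00:40 FAIL 10.0.0.5", "2024-01-01T10:01:00 FAIL 10.0.0.5",
    "2024-01-01T10:01:30 FAIL 10.0.0.5", "2024-01-01T10:02:00 OK   10.0.0.5",
    "2024-01-01T09:00:00 FAIL 10.0.0.9", "2024-01-01T09:15:00 FAIL 10.0.0.9",
    "2024-01-01T09:30:00 FAIL 10.0.0.9", "2024-01-01T09:45:00 FAIL 10.0.0.9",
    "2024-01-01T10:00:00 FAIL 10.0.0.9",
]
```

Because the counter is per source address, attempts spread across many addresses never reach the threshold on any single one, which is the limit of a per-IP ban that the post's botnet remark touches on.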