Never expose Port 3389 directly to the internet. Use an RDP Gateway or require users to connect via a secure VPN first. 3. Use Account Lockout Policies
The lifecycle of an RDP brute-force attack using tools like Z668 generally follows a four-step process: rdp brute z668 new
The tool utilizes massive "wordlists" (collections of leaked or common passwords) to attempt entry. Never expose Port 3389 directly to the internet