Within our legacy infrastructure we need to keep port 3389 exposed so that we can remote desktop into this server (note that we can't go back and utilize IaC to prevent this).
We currently restrict the IP range that can access this port. Is this enough for security? This article mentions never globally exposing this port: https://www.grc.com/port_3389.htm
