When you have a virtual Windows server in the cloud (say, an EC2 Windows Server 2008 instance) and your only way into it (initially) is Remote Desktop, what are some good ways to make that secure?
(particularly if you can't predict what IP you will be connecting from)
My immediate suggestion is to redesign your EC2 environment to put the Windows box behind a firewall and VPN in.
If that isn't possible, take a look at TechNet's configuration info for RDP, particularly the Encryption part.
Note that this will protect your data in transit, but doesn't stop someone from guessing your password or exploiting a zero-day hole in the RDP server -- A firewall is really a must-have item here...
The first thing you probably want to do is disable the default administrator user and create a new admin user. It's not uncommon to see failed SSH login attempts on Linux instances on EC2 and you'll likely see similar failures in your security event log if your security group is open to the world.
You probably want to restrict the security group allowing RDP access to specific IP blocks if you can't predict the specfic IP address you are connecting from.
Reviewing Amazon VPC or setting up your own VPN using an OpenVPN server are other options you might want to consider