Show Categories

Categories

General

Windows

Linux

Step-by-Step Guide to Secure RDP Connections

Remote Desktop Protocol (RDP) serves as a critical tool for remote administration, allowing users to control systems from afar. However, its widespread use has made it a prime target for brute force attacks. These attacks exploit weak passwords, attempting to gain unauthorized access to systems. With the rise of remote work, securing RDP has never been more crucial.

Comprehensive Guide to Enhancing RDP Security

By adhering to the recommendations outlined below, you will bolster the defenses of your remote desktop environment against unauthorized access and cyber threats.

Renaming the Administrator Account and Securing User Access

Press Windows key + R, type lusrmgr.msc, and press Enter to open the Local Users and Groups Manager.

Open Local Users and Groups Manager

To rename the Administrator account:

  • In the middle pane, right-click on the Administrator account and select Rename.
Rename Administrator
  • Enter the new name for the administrator account and press Enter.

To disable the Guest account:

  • Find and double-click on the Guest account.

  • Tick the Account is disabled checkbox and click on OK.

Check account is disabled

To regularly check RDP access permissions:

  • Click on Groups in the left pane.

  • Double-click on the Remote Desktop Users group.

  • Review the list for authorized users. To remove a user, select them and click Remove. To add a user, click Add and enter the necessary details.

  • Click Apply and then OK to confirm any changes.

Add/remove users

Implementing a Strong Password Policy

  1. Open the Group Policy Editor by pressing Windows key + R, typing gpedit.msc into the Run dialog.

  2. Navigate to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

  3. Define the minimum password length and complexity requirements to enhance security.

  4. Enforce password history to discourage the reuse of recent passwords.

Navigate to password policy

Limiting RDP Access via Firewall Configuration

  1. Open Windows Firewall with Advanced Security by typing wf.msc in the Run dialog (Windows key + R).

  2. Click on Inbound Rules in the left pane.

  3. Locate the rules for Remote Desktop - User Mode (TCP-In) and Remote Desktop - User Mode (UDP-In).

  4. Right-click each rule and select Properties.

  5. Under the Scope tab, click on These IP addresses in the Remote IP address section.

  6. Click Add and specify the IP addresses that are permitted to establish RDP connections.

  7. Confirm the changes by clicking OK and ensure the rules are enabled.

Limit RDP access

Setting Up Multi-Factor Authentication

  1. Choose an MFA solution compatible with your RDP setup (e.g., Duo Security, Microsoft Entra).

  2. Follow the specific MFA provider’s installation and configuration guide to integrate it with your RDP environment.

  3. Enroll users and set up secondary authentication methods like mobile apps or hardware tokens.

Enabling Network Level Authentication

  1. Right-click on This PC and select Properties.
Properties

  1. Click on Remote settings.

  2. Under Remote Desktop, ensure Allow connections only from computers running Remote Desktop with Network Level Authentication is selected.

Allow remote connections to this computer

Changing the Default RDP Port

  1. Press Windows key + R to open the Run dialog.

  2. Type regedit and press Enter to open the Registry Editor.

  3. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

  4. Find the PortNumber subkey, double-click it, select Decimal, and enter a new port number.

PortNumber
  1. Click on OK, close the Registry Editor, and update your firewall rules accordingly.

Now, to allow the new port through the Windows Firewall:

  1. Open the Windows Firewall by pressing Windows key + R, typing wf.msc.

  2. In the left pane, click on Inbound Rules.

  3. Click on New Rule on the right pane.

  4. Select Port and click on Next.

  5. Choose TCP and specify the new port number you set in the Registry Editor, then click Next.

Choose TCP

  1. Select Allow the connection and click on Next.

  2. Ensure Domain, Private, and Public are checked to define the rule's scope as needed, then click Next.

  3. Give the rule a name, such as Custom RDP Port, and click on Finish.

  4. Restart the system and then make sure to connect via the new port.

Connect via the new port

Configuring Account Lockout Policies

  1. Access the Group Policy Editor by pressing Windows key + R and typing gpedit.msc.

  2. Navigate to Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.

  3. Set the Account lockout threshold, Account lockout duration, and Reset account lockout counter after,to appropriate values.

Account lockout threshold

Updating Systems and Software

  • Enable automatic updates in Windows Update settings.

  • Regularly check for updates on all software used in conjunction with RDP.

  • Apply updates during scheduled maintenance windows to minimize disruption.

Deploying Antivirus and Anti-Malware Solutions

  • Select a reputable antivirus and anti-malware software.

  • Install the software following the manufacturer's instructions.

  • Set the software to update automatically and perform regular scans.

Conducting Regular Security Audits and Setting Up Alerts

  1. Open the Event Viewer by typing eventvwr.msc in the Run dialog (Windows key + R).

  2. Navigate to Windows Logs > Security and look for event ID 4625.

  3. To set up alerts, right-click on Security and select Attach Task To This Log….

  4. Follow the wizard to create a task triggered by multiple instances of event ID 4625.

Attach Task To This Log
  1. Choose an action like sending an email or displaying a message when the task is triggered.
Choose an action
  1. Complete the wizard and name the task for easy identification.

Using VPNs for Additional Security

  • Determine the need for a VPN based on your security requirements and the sensitivity of the data being accessed via RDP.

  • Select a reputable VPN service provider or set up your own VPN if you have the capability.

  • Install and configure VPN client software on all devices that will use RDP.

  • Train users to connect to the VPN before initiating an RDP session to ensure that the remote desktop traffic is encrypted and secure.

  • Regularly update and maintain the VPN infrastructure to address any security vulnerabilities and ensure that it remains robust against threats.

Fortify your RDP like a digital fortress. Regular updates and best practices are your vigilant sentinels, ensuring your network's defenses remain impenetrable. Stay alert and proactive—your cybersecurity depends on it. If you have any questions, don’t hesitate to contact our support team by submitting a ticket.

cloudzy
© 2008-2024 Cloudzy. All rights reserved.
75 Reviews|4.9 Average
Buy VPS with American Express
Buy VPS with Visa Card
Buy VPS with Discover
Buy VPS with Master Card
Buy VPS with Paypal
Buy VPS with Bitcoin
Buy VPS with Ethereum
Buy VPS with Binance
Buy VPS with Tether
Buy VPS with Ripple
Buy VPS via CoinPayments