Securing RDP


Mostly relevant from Windows 7/2008(R2) and up. These are steps you can take to secure RDP traffic. Don't forget to set a strong password as well if you expose your own server to the Internet (12+ characters, and not just alphanumeric).

Don't Make It Obvious

Change the listening port to something other than 3389 (preferably a free port between 1024 and 65535). You can then forward the new port to port 3389 on your server in your firewall and/or router. To connect to the new port from your client, just use IP:PORT (e.g. 127.0.0.1:1234).

Group Policy Editor (gpedit.msc)

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

Local Security Policy (secpol.msc)

Account Policies > Account Lockout Policies

Additional measures

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options



Regardless of all these precautions, RDP still exposes the host to NTLM brute-force attacks. It can even be wise to go as far as blocking all NTLM traffic if your machine is exposed on public networks. One option for continuing to use RDP is to set up a site-to-site VPN between the networks involved. If you are on a public network and want to block NTLM temporarily:

Local Security Policy (secpol.msc)

Local Policies > Security Options > Network security: Restrict NTLM: Incoming NTLM traffic
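An added PowerShell audit of the settings above (example code, not from the original post): it reads the RDP port, Network Level Authentication, account lockout and incoming-NTLM settings and reports which of the hardening steps are still missing. It assumes an elevated session on the RDP host; the registry locations are the standard Windows ones and the pass/fail thresholds are the script's own assumptions.

```powershell
# Added read-only audit (not part of the original post) of the settings discussed above.
# Assumes an elevated PowerShell session on the RDP host. Registry locations are the
# standard Windows ones; the pass/fail thresholds are this script's own assumptions.
function Test-RdpHardening {
    $findings = @()

    # 1. Listening port: PortNumber under the RDP-Tcp WinStation (default 3389)
    $rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
    if ($port -eq 3389) { $findings += 'RDP still listens on the default port 3389' }
    elseif ($port -lt 1024) { $findings += "RDP port $port is below 1024" }

    # 2. Network Level Authentication (GP: Remote Desktop Session Host > Security)
    $nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
    if ($nla -ne 1) { $findings += 'Network Level Authentication is not required' }

    # 3. Account lockout (secpol: Account Policies > Account Lockout Policy).
    # 'net accounts' prints "Lockout threshold: Never" when no threshold is configured.
    $lockout = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }
    if ($lockout -match 'Never') { $findings += 'No account lockout threshold is set' }

    # 4. Incoming NTLM (secpol: Network security: Restrict NTLM: Incoming NTLM traffic)
    # RestrictReceivingNTLMTraffic: 0/absent = allow all, 1 = deny domain accounts, 2 = deny all
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $ntlm = (Get-ItemProperty -Path $lsa -Name RestrictReceivingNTLMTraffic `
             -ErrorAction SilentlyContinue).RestrictReceivingNTLMTraffic
    if (-not $ntlm) { $findings += 'Incoming NTLM traffic is not restricted' }

    # 5. Firewall: the built-in "Remote Desktop" rules are written for 3389, so a
    # changed port needs its own enabled inbound allow rule or nothing gets through.
    $rule = Get-NetFirewallPortFilter |
            Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$port" } |
            Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
                           $_.Enabled -eq 'True' }
    if (-not $rule) { $findings += "No enabled inbound firewall rule allows TCP port $port" }

    if ($findings.Count -eq 0) { 'OK: all checked RDP hardening settings are in place' }
    else { $findings | ForEach-Object { "FINDING: $_" } }
}

Test-RdpHardening
```

The checks are read-only; apply the actual changes through gpedit.msc and secpol.msc as described above and re-run the audit to confirm.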


Original Post: Jan 28th, '22 00:28 CET.

Tags: Windows