Defending Against Remote Desktop Security Risksīest-practice protocol to prevent exposure to RDP security issues starts with creating a policy to handle endpoints and making sure the port isn’t accessible to the internet.
But your system could still be vulnerable to attacks within your enterprise. Together, these actions will help prevent unauthorized access outside the enterprise and decrease remote desktop security risks. Create a name or the rule and click Finish. Select which network the location the rule applies to and then click Next. Choose TCP and click Specific Local Ports. Select New Rule and choose Port and click Next. To block TCP port 3389, go to Control Panel → System and Security → Windows Firewall.Then select Allow connections only from computers running Remote Desktop with Network Level Authentication. Click Remote Settings → Remote → Remote Desktop. To enable NLA, go to Control Panel → System and Security → System. Windows Vista, Windows 7, and Windows Server 2008 provide NLA by default.
Patching is an important way to enhance RDP security, but for those enterprises unable to patch right away, Microsoft recommends two actions: enabling Network Level Authentication (NLA) and blocking TCP port 3389. (For these legacy platforms, RDP is known as terminal services.) Windows 8, 10, and newer operating systems aren’t vulnerable in this way. The company issued a legacy patch for its outdated platforms, including Windows XP, Windows Server 2008, Windows 2003, and Windows 2007. Microsoft estimates nearly 1 million devices are currently vulnerable to remote desktop security risks. While RDP operates on an encrypted channel on servers, there is a vulnerability in the encryption method in earlier versions of RDP, making it a preferred gateway by hackers. Without properly securing it, your RDP can become the gateway where a malware infection or targeted ransomware is deployed, resulting in critical service disruption. While RDP is built into Microsoft operating systems, it can also be installed on Apple, Linux, and Android operating systems. That makes remote desktop security risks a top concern for network administrators, security experts, and analysts.įor companies that not only want to meet compliance standards but exceed them, RDP security is a challenge. Because RDP is so widely used, it is a common target for man-in-the-middle cyberattacks. You'll need this later.Remote Desktop Protocol (RDP), the Microsoft Windows component that makes it easy for your employees to connect to work or home computers while they are away, is used by millions.
Make note of the name of this PC under How to connect to this PC. When you're ready, select Start > Settings > System > Remote Desktop, and turn on Enable Remote Desktop.
To check this, go to Start > Settings > System > About and look for Edition. For info on how to get Windows 10 Pro, go to Upgrade Windows 10 Home to Windows 10 Pro. Select the remote PC name that you added, and then wait for the connection to complete.
On your Windows, Android, or iOS device: Open the Remote Desktop app (available for free from Microsoft Store, Google Play, and the Mac App Store), and add the name of the PC that you want to connect to (from Step 1). In Remote Desktop Connection, type the name of the PC you want to connect to (from Step 1), and then select Connect. On your local Windows PC: In the search box on the taskbar, type Remote Desktop Connection, and then select Remote Desktop Connection. Use Remote Desktop to connect to the PC you set up: Make note of the name of this PC under PC name. Then, under System, select Remote Desktop, set Remote Desktop to On, and then select Confirm. When you're ready, select Start, and open Settings. Then, under System, select About, and under Windows specifications, look for Edition. For info on how to get Windows 11 Pro, go to Upgrade Windows Home to Windows Pro. To check this, select Start, and open Settings. Set up the PC you want to connect to so it allows remote connections: