How to – Secure Your RDP Connection

Below are a few simple steps that will make your RDP much more secure against attacts:
1.Add a new user to use with your RDP connection. Do not include strings like “admin”, “administrator”, “adm” etc. in the username. Make this username irrelevant and long. Create a password which is 10-12 characters long, use special characters in it.
2.Deny RDP connection of Administrator user
Run secpol.msc
Go to Local Policies->User Rights Assignment
Double-click “Deny log on through Remote Desktop Services”
Add “Administrator” and Apply
3.Set Account Lockout Policy
Run secpol.msc
Go to Account Policies->Account Lockout Policy
Set an appropriate lockout policy here
4.Change default port for RDP connections

By default, Remote Desktop listens on port 3389. To make your connections more secure, you may want to change this default port to something else as below:

  1. Start Registry Editor.
  2. Locate and then click the following registry subkey:
  3. HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminalServerWinStationsRDP-TcpPortNumber
  4. On the Edit menu, click Modify, and then click Decimal.
  5. Type the new port number, and then click OK.
  6. Quit Registry Editor.
  7. Restart the computer.

(http://support.microsoft.com/kb/306759/en#LetMeFixItMyselfAlways)

Note: Don't forget to add a new rule in windows firewall to accept connections on your new RDP port.

There are many other things you can do to secure your RDP connections but applying these 4 basic security steps will make it much more secure than a default configuration easily.

Hope this helps someone.

Good luck,
Serdar.

Leave a Reply

Your email address will not be published. Required fields are marked *