RDP: tips and tricks to improve security

RDP: tips and tricks to improve security

RDP, or Remote Desktop Protocol, is one of the most common methods to connect to and manage your Windows VPS hosting server. It’s usually included in

7 Reasons You Can’t Ignore Software Testing 
5 Types Of Insurances Needed By Property Management Companies
How to Analyse Company Spending Easily

RDP, or Remote Desktop Protocol, is one of the most common methods to connect to and manage your Windows VPS hosting server. It’s usually included in all Windows server versions and even has a built-in client for the desktop. Because it’s the easiest and most convenient method, it’s widely used by many users who run their systems on this OS. But this has a major drawback, and such popularity comes at a price. RDP is also the biggest target when it comes to brute-force attacks, and that is why users are strongly advised to take additional measures to secure it properly. Here’s what you can do.

Use a VPN

Getting a Virtual Private Network is probably one of the best ways to protect your Windows VPS hosting server from malicious users. A VPN works in a pretty simple way, but it provides lots of security for your data.

When enabled, your connection will first contact a secure private network before reaching your system. Once it connects, then the desktop from which you’re accessing your server is assigned a private IP address that is later used to open the RDP connection to the server. With the VPN, the system only allows those connections that come from the VPN address, while outside IP addresses are rejected. This way, only you can access your system.

Scope the RDP Firewall rule

In addition to the VPN, you can also use your Windows firewall to limit access to your RDP port. This process of restricting port access to a single or a group of IP addresses is called “scoping” the port. After you do this, your Windows VPS hosting server will only accept connections from IPs that are included in the scope. Attempts from other IPs are simply rejected.

To scope the firewall, you have to:

  1. Open Windows Firewall via the search menu.
  2. Click on “Inbound Rules”.
  3. Scroll until you find the “RDP” rule, then double click it and select the “Scope” tab.
  4. Make sure you include your current IP address in the list.
  5. Under “Remote IP address” select “These IP addresses”.
  6. Click “Okay”.

Change the RDP Port

RDP has a liability that malicious users like to exploit – the default port of 3389. By taking advantage of the fact that not many users actually change it, they can easily get access to your Windows VPS hosting server. Before changing the port, make sure that the new one is open in the firewall, or otherwise, you’ll be locked out of the system. Next, follow these steps:

  1. Enter regedit.exe in the search bar to open the Registry editor.
  2. Navigate to: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp”.
  3. Open it and scroll until you find “PortNumber”. Change it from HEX to DEC so that it’s in numbers.
  4. Type in whatever port number you’d like as long as it’s not already in use.
  5. Close the editor and reboot the server.

You have to make sure to reconnect to the server with the new RDP port number that you just entered.

Enable Network Level Authentication

Windows servers also provide Network Level Authentication by default, and you should make use of this feature. It provides an additional level of authentication before a connection is established. It will provide double the security when enabled alongside a VPN. You should only disable this if you’re working with platforms that don’t support NLA.

To check your NLA, navigate here: Computer\Policies\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.

Limit who can log in using RDP

If you have multiple Administrator accounts on your computer, you should limit their remote access to your Windows VPS hosting server only to those that need it. If several people are working with the system, it’s best to add a group instead of keeping the local Administrator account as it could be exploited. Follow these steps to remove the local account:

  1. Access “Local Security Policy” via the desktop search bar.
  2. Navigate to “Local Policies” and then to “User Rights Assignment”. Through here, access “Allow logon through Terminal Services” or “Allows logon through Remote Desktop Services”.
  3. Remove the Administrators group and just leave the Remote Desktop Users group.
  4. Use the System control panel to add users to the latter group.

Set an account lockout policy

It’s a fairly simple step that can greatly help you out in the long run. Just set your system to lock out an account after an incorrect number of guesses. This way you’ll secure your Windows VPS hosting server from brute-force attacks that try to hack into your account with automated password guessing tools. To set up this account lockout policy:

  1. Access “Local Security Policy” via the desktop search bar.
  2. Navigate to “Account Policies” and then to “Account Lockout Policies”.
  3. Set the values for all three options.

Yes, without the proper care and set up, RDP can be easily exploited and hacked by malicious users. But if you are proactive and implement the security measures listed here, you’ll save yourself the trouble of dealing with hackers and their attacks. Remote connections carry a lot of sensitive data that you shouldn’t risk losing – take the right steps and ensure their protection.