Save up to 20%
on every Cloud VPS plan. Starts from $3.96 Limited Time Offer.
Knowledge Base

Secure rdp connection

[featured_image]

Remote Desktop Protocol (RDP) serves as a critical tool for remote
administration, allowing users to control systems from afar. However,
its widespread use has made it a prime target for brute force attacks.
These attacks exploit weak passwords, attempting to gain unauthorized
access to systems. With the rise of remote work, securing RDP has never
been more crucial.

Comprehensive
Guide to Enhancing RDP Security

By adhering to the recommendations outlined below, you will bolster
the defenses of your remote desktop environment against unauthorized
access and cyber threats.

Renaming
the Administrator Account and Securing User Access

Press Windows key + R, type
lusrmgr.msc, and press Enter to open
the Local Users and Groups Manager.

Open Local Users and Groups Manager

To rename the Administrator account:

  • In the middle pane, right-click on the
    Administrator account and select
    Rename.
Rename Administrator
  • Enter the new name for the administrator account and press
    Enter.

To disable the Guest account:

  • Find and double-click on the Guest account.

  • Tick the Account is disabled checkbox and click
    on OK.

Check account is disabled

To regularly check RDP access permissions:

  • Click on Groups in the left pane.

  • Double-click on the Remote Desktop Users
    group.

  • Review the list for authorized users. To remove a user, select
    them and click Remove. To add a user, click
    Add and enter the necessary details.

  • Click Apply and then OK to
    confirm any changes.

Add/remove users

Implementing a
Strong Password Policy

  1. Open the Group Policy Editor by pressing Windows key +
    R    , typing gpedit.msc into the Run
    dialog.

  2. Navigate to Computer Configuration > Windows Settings >
    Security Settings > Account Policies > Password Policy.

  3. Define the minimum password length and complexity requirements to
    enhance security.

  4. Enforce password history to discourage the reuse of recent
    passwords.

Navigate to password policy

Limiting
RDP Access via Firewall Configuration

  1. Open Windows Firewall with Advanced Security by
    typing wf.msc in the Run dialog (Windows key +
    R).

  2. Click on Inbound Rules in the left
    pane.

  3. Locate the rules for Remote Desktop – User Mode
    (TCP-In)     and Remote Desktop – User Mode
    (UDP-In)    .

  4. Right-click each rule and select
    Properties.

  5. Under the Scope tab, click on These IP
    addresses     in the Remote IP address
    section.

  6. Click Add and specify the IP addresses that are
    permitted to establish RDP connections.

  7. Confirm the changes by clicking OK and ensure
    the rules are enabled.

Limit RDP access

Setting Up
Multi-Factor Authentication

  1. Choose an MFA solution compatible with your RDP setup (e.g., Duo Security, Microsoft
    Entra    ).

  2. Follow the specific MFA provider’s installation and configuration
    guide to integrate it with your RDP environment.

  3. Enroll users and set up secondary authentication methods like
    mobile apps or hardware tokens.

Enabling Network
Level Authentication

  1. Right-click on This PC and select
    Properties.
Properties

  1. Click on Remote settings.

  2. Under Remote Desktop, ensure Allow
    connections only from computers running Remote Desktop with Network
    Level Authentication     is selected.

Allow remote connections to this computer

Changing the Default RDP
Port

  1. Press Windows key + R to open the Run
    dialog.

  2. Type regedit and press Enter to
    open the Registry Editor.

  3. Navigate to HKEY_LOCAL_MACHINEServer-Tcp.

  4. Find the PortNumber subkey, double-click it,
    select Decimal, and enter a new port number.

PortNumber
  1. Click on OK, close the Registry Editor, and update
    your firewall rules accordingly.

Now, to allow the new port through the Windows
Firewall:

  1. Open the Windows Firewall by pressing Windows key +
    R    , typing wf.msc.

  2. In the left pane, click on Inbound
    Rules    .

  3. Click on New Rule on the right pane.

  4. Select Port and click on
    Next.

  5. Choose TCP and specify the new port number you
    set in the Registry Editor, then click Next.

Choose TCP

  1. Select Allow the connection and click on
    Next.

  2. Ensure Domain, Private, and
    Public are checked to define the rule’s scope as
    needed, then click Next.

  3. Give the rule a name, such as Custom RDP Port,
    and click on Finish.

  4. Restart the system and then make sure to connect via the new
    port.

Connect via the new port

Configuring
Account Lockout Policies

  1. Access the Group Policy Editor by pressing Windows key +
    R     and typing gpedit.msc.

  2. Navigate to Computer Configuration > Windows Settings >
    Security Settings > Account Policies > Account Lockout
    Policy.

  3. Set the Account lockout threshold, Account lockout
    duration    , and Reset account lockout counter
    after    ,to appropriate values.

Account lockout threshold

Updating Systems and
Software

  • Enable automatic updates in Windows Update settings.

  • Regularly check for updates on all software used in conjunction
    with RDP.

  • Apply updates during scheduled maintenance windows to minimize
    disruption.

Deploying
Antivirus and Anti-Malware Solutions

  • Select a reputable antivirus and anti-malware software.

  • Install the software following the manufacturer’s
    instructions.

  • Set the software to update automatically and perform regular
    scans.

Conducting
Regular Security Audits and Setting Up Alerts

  1. Open the Event Viewer by typing eventvwr.msc in
    the Run dialog (Windows key + R).

  2. Navigate to Windows Logs > Security and look for event ID
    4625.

  3. To set up alerts, right-click on Security and
    select Attach Task To This Log….

  4. Follow the wizard to create a task triggered by multiple
    instances of event ID 4625.

Attach Task To This Log
  1. Choose an action like sending an email or displaying a message when
    the task is triggered.
Choose an action
  1. Complete the wizard and name the task for easy identification.

Using VPNs for
Additional Security

  • Determine the need for a VPN based on your security requirements
    and the sensitivity of the data being accessed via RDP.

  • Select a reputable VPN service provider or set up your own VPN if
    you have the capability.

  • Install and configure VPN client software on all devices that
    will use RDP.

  • Train users to connect to the VPN before initiating an RDP
    session to ensure that the remote desktop traffic is encrypted and
    secure.

  • Regularly update and maintain the VPN infrastructure to address
    any security vulnerabilities and ensure that it remains robust against
    threats.

Fortify your RDP like a digital fortress. Regular updates and best
practices are your vigilant sentinels, ensuring your network’s defenses
remain impenetrable. Stay alert and proactive—your cybersecurity depends
on it. If you have any questions, don’t hesitate to contact our support
team by submitting a
ticket.

Table of Contents