Remote Desktop Services are powered by Remote Desktop Protocol (RDP) on Windows VPS and other modern versions of Windows. If your system has Remote Desktop enabled, it awaits connections on port 3389 which hosts RDP connections. The issue however is that, since this port allows access to different accounts _and is pretty vulnerable as well_ it has become a popular victim for beginner-hackers looking for an easy target. In this article we describe ways in which to counter that; specifically how to change the RDP port in Windows VPS as well as exploring the applications of Remote Desktop Services.
What is Remote Desktop?
You can access your work files from home!
Remote desktop is a Microsoft program which allows a user to connect to a computer in another location, see that computer’s desktop and interact with it as if it were there. For example, you can use all of your work computer’s programs, files, and network resources from your home computer, and it’s just like you’re sitting in front of your computer at work.
How do I connect to a remote computer?
To connect to a remote computer, that computer must be turned on, it must have a network connection, Remote Desktop must be enabled, you must have network access to the remote computer (this could be through the Internet), and you must have permission to connect by being on the list of users.
Rule of thumb; use a strong password!
Basically on a system that does not have an account lockout policy in place, the RDP protocol can be used to get the administrator password by use of a brute force attack. Since the RDP can allow access to other accounts, a threat to it can cause serious security hazards. Worse of all, if the system never locks out the account, then time is the only thing stopping the hacker from eventually guessing your password and logging in.
Account lockout policy is an option…
One possible approach is to implement a good account lockout policy but this alone does not handle the entire issue. Any administrator of a public facing Windows web server will notice that their server is continuously attacked by bots looking for an easy target. The bots will often lock out your accounts which can be frustrating.
Best solution; change the listening port:
To protect your system from the bots and petty-hackers we would recommend changing the default RDP port. This will go a long way in securing your account against bots and hackers.
How to change Remote Desktop port in Windows VPS:
- Click on the Start/run button, type registry editor /(regedit)
- In Registry Editor, navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp.
- Right click, press New and select DWORD (32-bit) value, Click on the New value #1
- On the small window that pops up, rename new value #1 to PortNumber, Change the base to Decimal, enter a new port between 1025 and 65535 that is not already in use.
- Click OK and reboot.
- Make sure you have successfully rebooted to activate the change.
- Be aware that altering the Windows registry is risky; we recommend that this task be undertaken under the supervision of an experienced administrator.
- Make sure that you have taken necessary backups before you make any changes to the registry.
- Keep in mind that the next time you want to connect to your system with RDP you will need to provide the port number you entered. You can do that from the Remote Desktop client by appending a colon after the host name or IP address followed by the port number. For example, if I have a computer with host name of “test” with RDP running on port 1234 I would use: “test:1234” in the remote desktop client hostname field.