Change Remote Desktop Port for Better Security

Remote Desktop Protocol (RDP) is a widely used feature in Windows operating systems, enabling users to connect to computers remotely. By default, RDP listens on port 3389, which is well-known and often targeted by malicious actors. Changing the default RDP port can enhance security by reducing exposure to automated attacks and provide flexibility in network configurations. This guide walks you through the process of changing the Remote Desktop port, discusses the benefits and considerations, and compares default and custom port configurations.

Why Change the Default RDP Port?

Changing the default RDP port offers several advantages:

  • Enhanced Security: Using the default port 3389 makes systems susceptible to automated scans and brute-force attacks. Changing the port adds a layer of obscurity, reducing the likelihood of unauthorized access.

  • Reduced Unauthorized Access Attempts: Attackers often target default ports. By modifying the RDP port, you can decrease the number of unauthorized login attempts.

  • Improved Network Flexibility: In environments where multiple machines require RDP access, assigning different ports allows for individualized configurations, facilitating better management and access control.

How to Change the RDP Port in Windows

Changing the RDP port involves modifying the Windows Registry. Caution: Incorrect changes to the registry can cause serious system issues. Ensure you have a backup before proceeding.

Step 1: Back Up the Registry

  1. Press Win + R, type regedit, and press Enter to open the Registry Editor.

  2. In the Registry Editor, click on File > Export.

  3. Choose a location to save the backup, enter a file name, and ensure the “Export range” is set to “All”.

  4. Click Save to create the backup.

Step 2: Modify the RDP Port

  1. In the Registry Editor, navigate to:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

  2. In the right pane, locate the PortNumber entry.

  3. Right-click on PortNumber and select Modify.

  4. In the “Edit DWORD” window, select Decimal under “Base”.

  5. Enter the new port number (e.g., 3390) and click OK.

  6. Close the Registry Editor.

Step 3: Configure the Firewall

After changing the RDP port, update your firewall settings to allow connections through the new port:

  1. Open the Windows Defender Firewall from the Control Panel.

  2. Click on Advanced settings to open the Firewall console.

  3. In the left pane, select Inbound Rules.

  4. Find the rule named Remote Desktop (TCP-In) and double-click to open its properties.

  5. Go to the Protocols and Ports tab.

  6. Change the “Local Port” to the new port number you specified in the registry.

  7. Click OK to save the changes.

Step 4: Restart the Remote Desktop Service

For the changes to take effect, restart the Remote Desktop Service:

  1. Press Win + R, type services.msc, and press Enter.

  2. In the Services window, locate Remote Desktop Services.

  3. Right-click on it and select Restart.
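
Steps 1 to 4 as a single elevated PowerShell script. This is an added example, not part of the original guide: it exports only the RDP-Tcp key rather than the whole registry, and it creates a separate inbound rule for the new port instead of editing the built-in one. The subnet, the rule name and the port-range policy are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of Steps 1-4. $AllowedFrom and $RuleName are
# illustrative assumptions, not values from the guide.
$NewPort     = 3390                          # example port used in the guide
$AllowedFrom = '192.168.1.0/24'              # assumed management subnet
$RuleName    = 'RDP custom port (TCP-In)'    # hypothetical rule name
$RegKey      = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$KeyPath     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# This example's own policy: a valid TCP port above the well-known range
# that nothing else is already listening on.
if ($NewPort -lt 1025 -or $NewPort -gt 65535) { throw "Port $NewPort is out of range." }
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use."
}

# Step 1: back up the key that is about to change; stop if the export fails.
$Backup = Join-Path $env:TEMP ("RDP-Tcp-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
reg.exe export $RegKey $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

# Step 2: write the new port as a DWORD, remembering the old value.
$OldPort = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
Set-ItemProperty -Path $KeyPath -Name PortNumber -Value $NewPort -Type DWord

# Step 3: allow the new port inbound, only from the assumed management subnet.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $NewPort -RemoteAddress $AllowedFrom | Out-Null

# Step 4: restart the Remote Desktop Services service.
# This disconnects any RDP session currently open to the machine.
Restart-Service -Name TermService -Force

# Confirm the listener actually moved before relying on the new port.
Start-Sleep -Seconds 3
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    "RDP moved from port $OldPort to $NewPort. Registry backup: $Backup"
} else {
    Write-Warning "No listener on $NewPort. Restore with: reg.exe import `"$Backup`""
}
```

Run it from a local console or an out-of-band session, since a mistake in the firewall scope or port will lock out RDP itself.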

Connecting Using the New Port

When connecting to the remote machine using the Remote Desktop Connection client:

  1. Open the Remote Desktop Connection client.

  2. In the “Computer” field, enter the IP address or hostname followed by a colon and the new port number (e.g., 192.168.1.10:3390).

  3. Click Connect to establish the session.

Comparison: Default Port vs. Custom Port

Changing the RDP port has its pros and cons.

| Aspect | Default Port (3389) | Custom Port |
|---|---|---|
| Security | Commonly targeted by automated attacks. | Reduces exposure to automated scans; however, not a substitute for robust security measures. |
| Configuration Ease | No additional setup required. | Requires manual configuration of the registry and firewall settings. |
| Obscurity | Easily identifiable by attackers. | Adds a layer of obscurity, making unauthorized access more difficult. |

Additional Security Measures

While changing the RDP port enhances security, consider implementing the following measures for comprehensive protection:

  • Strong Passwords: Ensure all user accounts have complex, unique passwords.

  • Network Level Authentication (NLA): Requires users to authenticate before establishing a session, adding an extra security layer.

  • Virtual Private Network (VPN): Limit RDP access to users connected through a secure VPN.

  • Two-Factor Authentication (2FA): Adds an additional verification step during login.

  • Regular Updates: Keep your system and security patches up to date to protect against known vulnerabilities.
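
A read-only check of how exposed RDP is on the local machine after the port change, covering the NLA setting and which firewall rules admit the port. This is an added example, not part of the original guide; the report field names are this example's own.

```powershell
# Added example: read-only audit of the local RDP configuration.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp  = Get-ItemProperty -Path $KeyPath
$port = [string]$rdp.PortNumber

# Enabled inbound allow rules that name this TCP port explicitly.
# Rules written as a port range or as "Any" are not expanded here.
$rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -eq 'TCP' -and @($pf.LocalPort) -contains $port) {
        $af = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = @($af.RemoteAddress) -join ','
        }
    }
}

$report = [pscustomobject]@{
    Port            = $port
    OnDefaultPort   = ($port -eq '3389')
    # UserAuthentication = 1 means NLA is required for this listener.
    # A Group Policy setting can override the value read here.
    NlaRequired     = ($rdp.UserAuthentication -eq 1)
    Listening       = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    # True when at least one matching rule accepts connections from any address.
    OpenToAnyRemote = [bool]($rules | Where-Object RemoteAddress -eq 'Any')
}

$report | Format-List
$rules  | Format-Table -AutoSize
```

A result with NlaRequired false or OpenToAnyRemote true means the machine still depends on the port number alone, whichever port it listens on.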

Conclusion

Changing the Remote Desktop port is a simple yet effective way to enhance security and reduce exposure to cyber threats. By modifying the default port (3389) to a custom one, you can make it harder for attackers to target your system while maintaining seamless remote access. However, it’s crucial to pair this change with additional security measures like firewalls, strong authentication, and network monitoring for optimal protection.

Whether for personal or business use, taking proactive steps in securing remote desktop connections ensures a safer and more controlled computing environment.
