Restrict Remote Desktop access, secure weak usernames and passwords

  • 4 October 2017
Cybercriminals constantly scan the internet for systems with commonly used remote desktop ports, then brute force them with weak username and password combinations to gain access. Once access has been gained, the intruder can disable protections, deploy variants of ransomware, create user accounts, and download other unwanted malicious software.

We recommend applying the steps below to help secure RDP and prevent this type of attack:

Preventing scanning for an open port:
  • To change the default port, execute the following in an elevated command prompt:

REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d XXXX /f

The parameter “XXXX” is the port number you would like to move RDP to. It is recommended to choose a random port number that is not in use and outside of the 33XX port range.
  • Block RDP entirely (port 3389) via firewall
  • Restrict RDP to a whitelisted IP range
It is also important to monitor possible intrusions with Windows Event Viewer. This will show you what cybercriminals may be doing to try and get in, and help you adjust and use different security measures in your environment. Here’s an example to filter event logs for the event ID “4625” (An account failed to log on):
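
An added PowerShell example, not part of the original article, that applies the same event ID 4625 filter to the Security log and groups the failures by source address. The function name `Get-FailedLogonSummary` and the default values for `-Hours` and `-Threshold` are assumptions made for this example.

```powershell
# Added example: summarise failed logons (event ID 4625) by source address.
# Run from an elevated PowerShell session; reading the Security log requires it.
function Get-FailedLogonSummary {   # hypothetical helper name
    param(
        [int]$Hours = 24,           # look-back window (assumed default)
        [int]$Threshold = 10        # minimum failures per source (assumed default)
    )

    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }

    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }

    $rows = foreach ($e in $events) {
        # The named fields of a 4625 event sit in the XML under EventData/Data[@Name].
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = $data['TargetUserName']
            Source    = $data['IpAddress']
            # Logon type 10 is RemoteInteractive; RDP failures under
            # Network Level Authentication are usually recorded as type 3.
            LogonType = $data['LogonType']
        }
    }

    $rows | Group-Object Source |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Source     = $_.Name
                Failures   = $_.Count
                Users      = ($_.Group.User | Sort-Object -Unique) -join ', '
                LogonTypes = ($_.Group.LogonType | Sort-Object -Unique) -join ', '
                FirstSeen  = $_.Group.Time | Sort-Object | Select-Object -First 1
                LastSeen   = $_.Group.Time | Sort-Object | Select-Object -Last 1
            }
        }
}

Get-FailedLogonSummary -Hours 24 -Threshold 10 | Format-Table -AutoSize
```

A source address with many failures spread across several usernames is a candidate for the firewall block or IP restriction listed above.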

The information presented in this article has been taken from the Malware Prevention Guide.
