Monday, 27 January 2020

Securing your Remote Connection

Remote Desktop Protocol is one of the most used services in all of Information Technology. It lets support staff control terminals or workstations remotely, which has raised productivity for technical support. Using this feature within your infrastructure saves many trips down to the data center or to an end user's workstation. Being able to control a whole operating system with the click of a button has been amazing and incredible.

With this convenience come some considerations. The service runs over port 3389 on your workstation, which is a standard set by IEEE. Because it is widely known as the RDP port, it is a heavy target for hackers: the information that is known to us is just as easily known to a common black hat. A simple port scan on a target with RDP enabled will register that 3389 is open, which is one of the best things for an attacker but not so much for a network administrator.

You may be in Control Panel right now disabling RDP, but don't worry: I have a solution that could kill two birds with one stone for network administrators who need to remote into multiple machines externally.

First, if you read my previous article about configuring your DNS to implement RDP externally, you are already on the right track. This article's purpose is to help you secure your remote desktop needs. You may think this will be a very complicated process that takes hours, but it gives you a secure solution in a few easy steps. The first thing we are going to do is ditch port 3389! Windows allows a lot of heavy configuration to customize it to your needs, and this only takes a few steps of editing the registry.

Open Run, type in regedit and hit Enter, then navigate to this location:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

Right-click the entry and edit it to whatever port you'd like. I'd recommend a high port, something not used by another service, to save yourself a headache with conflicts. I normally use something in the 4000s.

Now go into your router or firewall, forward the port you selected above, and block port 3389 so you don't have to worry about any exploits over that service.

Now, if you remember, I said this could kill two birds with one stone. Since we are changing the port of the service running on one workstation, we can do this on multiple machines. By using another port, like 4002, on a second workstation and forwarding that port to the correct IP, you'll be able to access multiple workstations remotely without an issue. This also requires enabling Remote Desktop on that particular workstation. Now you may ask how you can access your workstation if the connection manager looks for port 3389 by default. Use www.mydomain.com:4001 as the address. This forwards the request to that port number.
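
The registry and host firewall steps above can also be scripted per workstation. The following PowerShell script is an added example, not part of the original post; the default port 4001 and the firewall rule names are assumptions, and the port forward on the router still has to be configured by hand.

```powershell
#Requires -RunAsAdministrator
# Added example: move the RDP listener to a custom port and verify the result.
# Assumption: 4001 is the port chosen for this workstation (4002 for the next, etc.).
param([int]$NewPort = 4001)

$ErrorActionPreference = 'Stop'
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Reject the default port and anything outside the non-privileged range.
if ($NewPort -lt 1024 -or $NewPort -gt 65535 -or $NewPort -eq 3389) {
    throw "Pick a port between 1024 and 65535 other than 3389."
}

# Refuse a port that another service is already listening on (avoids conflicts).
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort is already in use by PID $(@($inUse)[0].OwningProcess)."
}

# Record the current value, then write the new one as a DWORD (decimal).
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# Host firewall: allow the new port, block the old default.
# Rule names are hypothetical; use your own naming convention.
New-NetFirewallRule -DisplayName "RDP custom port $NewPort" -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
New-NetFirewallRule -DisplayName "Block default RDP 3389" -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -Action Block | Out-Null

# The listener only rebinds after the service restarts.
# This drops any active RDP session, so run it from the console.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 5

# Verify: the new port must be listening and 3389 must not be.
$listening = (Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue).LocalPort
if ($listening -notcontains $NewPort) {
    Write-Warning "Nothing is listening on $NewPort yet; check that Remote Desktop is enabled."
}
if ($listening -contains 3389) {
    Write-Warning "Something is still listening on 3389."
}
"RDP port changed from $oldPort to $NewPort"
```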

I hope this was a helpful tutorial for everyone. If you have any questions, please comment below.
