{"id":34872,"date":"2019-09-24T16:52:43","date_gmt":"2019-09-24T12:52:43","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=34872"},"modified":"2022-07-06T12:59:46","modified_gmt":"2022-07-06T08:59:46","slug":"4-ways-to-improve-your-remote-desktop-security","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/4-ways-to-improve-your-remote-desktop-security\/","title":{"rendered":"4 Ways To Improve Your Remote Desktop Security"},"content":{"rendered":"<p>Working via a remote desktop is more popular than ever. Unfortunately, that also means that remote desktop connections are a major target for hackers looking to intercept and steal commercially sensitive information.\u00a0<!--more--><\/p>\n<p>Generally, remote desktop hacks all operate in a similar way. A malicious user will first compromise a computer on your network, and attempt to connect to your remote desktop system using your standard remote desktop protocol. They will then attempt to elevate their privileges on this network in order to gain administrative power. Even if they are not successful in gaining this level of access, the flood of incoming connections can paralyze your network, and make it impossible for legitimate users to connect.<\/p>\n<p>This type of attack is particularly common for users using the Windows default Remote Desktop Protocol (RDP), only because this is the most commonly used system. 
Before implementing a remote desktop system, therefore, you should take a look at a <a href=\"https:\/\/www.msp360.com\/connect\/windows\/\" target=\"_blank\" rel=\"noopener noreferrer\">guide to the top remote desktop software<\/a>, and also make sure that your <a href=\"https:\/\/www.msp360.com\/connect\/\" target=\"_blank\" rel=\"noopener noreferrer\">remote assistance software<\/a> is hardened against cyberattack.<br \/>\nBeyond these basic steps, there are a few more you can take to improve the security of your remote desktop system.<\/p>\n<h2>Use a VPN<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-34874 size-thumbnail\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Group-2-21-150x150.png\" alt=\"Use a VPN\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Group-2-21-150x150.png 150w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Group-2-21-250x250.png 250w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/>Using a Virtual Private Network (VPN) is one of the best ways to stay safe when working remotely. When using a VPN, your machine will first make an encrypted connection to your private network, and only then will it attempt to sign in to your remote desktop system.<\/p>\n<p>Since your private network is encrypted and hosted outside of your server, this tool doesn't require any additional server resources. A VPN will also assign a dedicated IP address to every machine connected to the network, and will only allow trusted IP addresses to connect to the network.<\/p>\n<p>This makes it extremely difficult for hackers to make illegitimate requests from your remote desktop environment. 
It also ensures that \u2013 even if someone gets into your network \u2013 they will not be able to read the information that you are sharing across it.<\/p>\n<h2>Network Firewalls<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-34861 size-thumbnail\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-3-150x150.png\" alt=\"Network Firewalls\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-3-150x150.png 150w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-3-250x250.png 250w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/>Firewalls are another extremely effective way of reducing the risk associated with remote desktop environments. If you take security seriously, you are likely already using a firewall to protect and monitor your website. If you are not, do that immediately.<\/p>\n<p id=\"last\">A firewall will also protect your remote desktop system. The best firewalls will allow you to configure which IP addresses and which computers can connect to your servers. 
Using this tool, you can automatically shut out anyone who tries to connect from an untrusted location.<\/p>\n<p>In addition to installing a firewall on the server that handles your remote desktop software, it\u2019s also important to install uptime monitoring services that will be connecting to the remote desktop. 
Most network and website monitoring tools today have APIs that connect with firewall software, alerting it if one connected machine is compromised and nipping it in the bud so that it doesn\u2019t infect other computers in the network.<\/p>\n<h2>Restricting the RDP Port<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-34875 size-thumbnail\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-4-150x150.png\" alt=\"Restricting the RDP Port\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-4-150x150.png 150w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-4-250x250.png 250w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/>By default, remote desktop connections are handled by one port: 3389. Restricting access to this port on your server firewall is a good way of limiting the scope for malicious connections. You can restrict access to this port to a specific set of IP addresses so that no-one else can connect to it.<\/p>\n<p>This process is known as 'scoping' the port and is actually really easy to do using the default Windows firewall. Log into your server, go to your firewall settings, and you'll see an option for 'inbound rules'. In that menu, there is another option for 'RDP', where you can specify which IP addresses are allowed to connect to your server in this way.<\/p>\n<p>Implementing this security measure requires, of course, that you know the IP addresses from where your staff will be accessing your remote desktop environment, and that these IPs stay static. 
The best way of ensuring that is using a VPN (see above), which will automatically assign a dedicated IP address to each machine.<\/p>\n<h2>Changing The RDP Port<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-34862 size-thumbnail\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-2-150x150.png\" alt=\"Changing The RDP Port\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-2-150x150.png 150w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/09\/Create-a-Customer-Profile-2-250x250.png 250w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/>Going further, you can even change the default RDP port to another one. Because hackers know the default RDP port, most brute-force attacks are designed to target this port. By changing the default port, you can avoid this type of attack.<\/p>\n<p>Changing the default RDP port on your server is a slightly more technical process, but there are plenty of <a href=\"https:\/\/www.liquidweb.com\/kb\/improving-security-for-your-remote-desktop-connection\/\" target=\"_blank\" rel=\"noopener noreferrer\">guides on how to do this<\/a>. It can also be a good solution if your staff are unable to use static IP addresses when working remotely because in that case scoping the port is impossible.<\/p>\n<p>Whilst I'm on the subject, it's also worth noting that this same technique \u2013 changing the default ports for particular types of connection \u2013 is a relatively easy and effective way of limiting DDoS attacks. 
Changing the ports for your cloud storage file sharing, for instance, <a href=\"https:\/\/www.infoq.com\/articles\/improving-cloud-security\" target=\"_blank\" rel=\"noopener noreferrer\">will improve your cloud security<\/a>, and you can even change the ports you use for VoIP if you want to harden that system as well.<\/p>\n<h2>The Bottom Line<\/h2>\n<p>Security is as important when using remote desktop software as when using any other connected system. And as remote working becomes more popular, attacks on these systems are becoming more common as well.<\/p>\n<p>Taking the basic steps above to protect your remote desktop environment is a great start to hardening your system against the most common forms of cyberattack. By using a VPN and a firewall, and by limiting access to this system, you can significantly reduce its vulnerability.<\/p>\n<p>Since remote desktop environments typically give users access to all of the information stored on a particular server, securing them should be one of the top priorities when it comes to network security. The consequences of someone gaining access to your remote desktop system with malicious intent can be severe, so make sure you protect yourself immediately.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Working via a remote desktop is more popular than ever. 
Unfortunately, that also means that remote desktop connections are a major target for hackers looking to intercept and steal commercially sensitive information.\u00a0<\/p>\n","protected":false},"author":66,"featured_media":35398,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,884],"tags":[],"class_list":["post-34872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-articles","category-msp-business-articles"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/34872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=34872"}],"version-history":[{"count":6,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/34872\/revisions"}],"predecessor-version":[{"id":54333,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/34872\/revisions\/54333"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media\/35398"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=34872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=34872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=34872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}