You Need to Change Your RDP Port to Stay Safe: Here’s How
With more people working remotely, hackers routinely target the default RDP port number. Changing the port is an easy way to block such attacks.
Connecting your Windows PC remotely to a host computer uses Microsoft’s proprietary network communication protocol known as Remote Desktop Protocol (RDP).
TCP 3389 is the default port assigned for RDP on your PC. But you should change it. Here’s why you should make the change, how to do it, and how to configure Windows firewall rules for a custom RDP port.
Why You Should Change the RDP Port
TCP 3389, a default RDP port for all remote connections, is on hackers’ radar. They use brute force attacks and other methods to guess login credentials to get access to TCP 3389. Once they are in, they can steal or encrypt sensitive data, install malware, and do anything that takes their fancy on remote computers.
When you change the default RDP port number from 3389 to any other free port, it becomes difficult for hackers to guess which RDP port you use. And changing the RDP port is especially helpful when you have turned network-level authentication (NLA) off.
Some firewalls are configured by default to block incoming and outgoing traffic on port 3389 to keep hackers away from that port. Changing the default RDP port can be one way to work around those firewalls.
How to Check the Default RDP Port Number of Your PC
Press Windows + X, and open Terminal (Admin). Paste the following command in Windows PowerShell, and press Enter.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name 'PortNumber'
The PortNumber value in the output is the RDP port your PC currently uses.
How to Change the RDP Port
You can change your PC’s default RDP TCP port to a new one by making a few tweaks in the Registry Editor. The process is simple.
But we strongly recommend you first back up the Windows Registry so that you can quickly restore it if anything goes wrong. Here is how to do it.
Press Windows + R to open Run, and type ‘regedit’ in the search box. Press OK to open the Registry Editor.
Right-click on Computer and select Export from the context menu.
Export Registry File will ask to choose the location and file name for your exported registration files. Pick a location and export the registry with a name you can easily remember.
Once you’re done backing up Windows Registry, follow the below-mentioned steps to change the RDP port. For this example, we have chosen port 51289 to make it the RDP listening port for remote desktop service.
Open Windows Registry Editor, and paste the following path into the address bar. Press Enter to reach the RDP-Tcp settings.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Scroll down in the right pane until you reach PortNumber. Double-click on it to edit. Select the Decimal radio option in the edit window, and enter your desired port number (51289) in the Value data field. Click OK to continue.
Close the Windows Registry Editor and restart your PC. You have successfully changed the default RDP port of your PC to 51289.
You can also change your default RDP port with the help of the Windows PowerShell command.
Run Windows Terminal (Admin), and paste the following PowerShell command in the command window. Then, press Enter.
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name PortNumber -Value 51289
The default RDP port on your Windows PC has changed to a non-standard RDP port: 51289. Your PC will now use the 51289 port for remote desktop connection.
How to Pick the Right Number for a Custom RDP Port
There are 65,535 port numbers. Common TCP/IP applications use port numbers from 0 to 1023, which are called well-known ports. For example, port number 443 is used for Certificate-based authentication (HTTPS).
So it is advisable not to change the RDP port on Windows to any number from 0 to 1023.
Ports from 49152 to 65535 are known as dynamic ports and are commonly used by clients to make a connection to a server. As a result, many people prefer to choose a port number from 49152 to 65535 to avoid conflict with any well-known or custom services.
Configure Windows Firewall for a Custom RDP Port
Now that you have changed the default RDP port number on your PC, you must create Windows firewall rules for the custom RDP port number.
If you don’t do that, Windows Defender Firewall may prevent you from using remote desktop services on the custom RDP port.
Run Windows Terminal (Admin) and type the following in the command prompt. Then, press Enter.
New-NetFirewallRule -DisplayName 'RDPPORT_TCP' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 51289
Now, paste the following command and press Enter.
New-NetFirewallRule -DisplayName 'RDPPORT_UDP' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort 51289
Restart your PC and turn on the remote desktop feature on your PC. It will use the custom RDP port for listening.
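The port change, port choice and firewall steps above can be combined into one script that validates the port and keeps a rollback file. This is an added example, not code from the original article; the backup file location is an assumption, and it restarts the Remote Desktop Services service instead of rebooting the PC.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. $NewPort is the article's example port;
# $BackupFile is an assumed location for the rollback file.
$NewPort    = 51289
$RegPath    = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$RdpKey     = "HKLM:\$RegPath"
$BackupFile = "$env:USERPROFILE\rdp-tcp-backup.reg"

# 1. Stay inside the dynamic range the article recommends (49152-65535).
if ($NewPort -lt 49152 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 49152-65535."
}

# 2. Refuse a port that another service is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort is already in use by PID $($inUse[0].OwningProcess)."
}

# 3. Export only the RDP-Tcp key so the change can be undone with 'reg import'.
reg export "HKLM\$RegPath" $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# 4. Record the old port, then write the new one as a DWORD.
$oldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# 5. Open the new port before the listener moves, using the article's rule names.
foreach ($proto in 'TCP', 'UDP') {
    $name = "RDPPORT_$proto"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Set-NetFirewallRule -DisplayName $name -LocalPort $NewPort
    } else {
        New-NetFirewallRule -DisplayName $name -Profile 'Public' -Direction Inbound `
            -Action Allow -Protocol $proto -LocalPort $NewPort | Out-Null
    }
}

# 6. Restart Remote Desktop Services (this drops any active RDP session),
#    then confirm something is listening on the new port.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 5
$listening = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($listening) { "RDP moved from port $oldPort to $NewPort" }
else { Write-Warning "Nothing is listening on $NewPort; restore with: reg import `"$BackupFile`"" }
```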
How to Enhance the RDP Security
Hackers are perpetually trying to exploit RDP vulnerabilities. Changing the default RDP port is just one way to strengthen your RDP port security.
Here are some of the best RDP security tips to prevent a remote desktop protocol attack.
- Every account having access to a remote desktop must use strong passwords and multi-factor authentication.
- Microsoft offers patches to known vulnerabilities, so you should ensure that your OS is always up-to-date.
- Use an RDP gateway to add a layer of security to remote desktop sessions.
- Keep network-level authentication (NLA) enabled.
- Limit users who can log in using the remote desktop feature.
Also, you should implement the principle of least privilege that provides remote users with the minimum level of access to data and resources. As a result, you can limit the damage cyber criminals can cause in the event of their unauthorized access to an enterprise network.
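A read-only check of the settings these tips refer to (RDP port, NLA, permitted users, firewall exposure) can be run from Windows Terminal (Admin). This is an added example, not code from the original article; the function name Get-RdpExposureReport is hypothetical.

```powershell
# Added example: read-only audit of the RDP settings named in the tips above.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

function Get-RdpExposureReport {
    $cfg  = Get-ItemProperty -Path $rdp
    $port = $cfg.PortNumber

    # fDenyTSConnections = 0 means the remote desktop feature is turned on.
    $enabled = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0

    # UserAuthentication = 1 means NLA is required before a session is created.
    $nla = $cfg.UserAuthentication -eq 1

    # Members of the built-in Remote Desktop Users group (well-known SID, so the
    # lookup also works on non-English Windows). Administrators can log in too.
    $users = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty Name)

    # Enabled inbound allow rules that cover the RDP port, with their profiles.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" })

    [pscustomobject]@{
        RdpEnabled    = $enabled
        Port          = $port
        NlaRequired   = $nla
        AllowedUsers  = $users
        FirewallRules = $rules
    }
}

$report = Get-RdpExposureReport
$report | Format-List
if ($report.RdpEnabled -and -not $report.NlaRequired) {
    Write-Warning 'Remote desktop is enabled without network-level authentication.'
}
```

Group Policy can override these values under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services, so check there as well on domain-joined machines.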
Change the RDP Port to Stay Protected
With more and more companies adopting the remote work model, the number of remote connections has increased exponentially. Consequently, hackers target the default remote desktop protocol port to access enterprise networks.
Changing the RDP port is an excellent strategy to keep your RDP port hidden from hackers, as hackers commonly target the default remote desktop port. Additionally, you should amp up the security of your RDP port to make your RDP port inaccessible to hackers.
Reference: https://www.makeuseof.com/how-to-change-rdp-port/