It’s convenient to use the Remote Desktop Protocol (RDP) for accessing systems over the Internet, especially in server environments. However, exposing RDP to direct connections is risky. This setup gives remote attackers the opportunity to guess logon credentials.
If you are going to run RDP over the Internet, consider doing the following:
- Change the port on which your systems listen for RDP connections to avoid using the default TCP port 3389. Automated scanners and worms will be less likely to locate your RDP listeners on high, non-standard ports.
- Consider configuring your RDP settings to use Network Level Authentication (NLA) on Windows Vista and later platforms.
- Remember to have strong authentication for systems utilizing RDP to deal with remote password-guessing attacks.
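
The first two items can be checked from the registry. The following PowerShell audit is an added example, not part of the original page: the function names are hypothetical, the sample inputs are constructed, and the registry value names (`fDenyTSConnections`, `PortNumber`, `UserAuthentication`) are the standard Windows ones for the RDP-Tcp listener.

```powershell
# Added example: audit the RDP listener against the checklist above.
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpListenerSettings {
    # Read the live values; run this on the Windows host being audited.
    $ts  = Get-ItemProperty -Path $TsKey
    $rdp = Get-ItemProperty -Path $RdpKey
    [pscustomobject]@{
        Name        = $env:COMPUTERNAME
        RdpEnabled  = ($ts.fDenyTSConnections -eq 0)    # 0 = connections allowed
        Port        = [int]$rdp.PortNumber
        NlaRequired = ($rdp.UserAuthentication -eq 1)   # 1 = NLA required
    }
}

function Test-RdpListenerSettings {
    # Emits one string per finding; emits nothing when the settings pass.
    param([Parameter(Mandatory)] $Settings)
    if (-not $Settings.RdpEnabled) { return }           # RDP is off, nothing to flag
    if ($Settings.Port -eq 3389) {
        'Listener uses the default TCP port 3389.'
    } elseif ($Settings.Port -lt 1024) {
        "Port $($Settings.Port) is non-default but not a high port."
    }
    if (-not $Settings.NlaRequired) {
        'Network Level Authentication is not required.'
    }
}

# Constructed sample inputs, so the check can be exercised off-host.
$samples = @(
    [pscustomobject]@{ Name = 'default install'; RdpEnabled = $true; Port = 3389;  NlaRequired = $false }
    [pscustomobject]@{ Name = 'hardened';        RdpEnabled = $true; Port = 49210; NlaRequired = $true }
)

# On Windows, also audit the local machine.
if ($env:OS -eq 'Windows_NT') { $samples += Get-RdpListenerSettings }

foreach ($s in $samples) {
    $findings = @(Test-RdpListenerSettings -Settings $s)
    '{0}: {1} finding(s)' -f $s.Name, $findings.Count
    $findings | ForEach-Object { "  - $_" }
}
```

Settings applied through Group Policy are stored under a separate policy key and are not read by this check.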