Introduction.
Windows servers, in particular those that are accessible from the Internet and that run the RDP service, are subject to many attacks, including brute force, to gain access. Attackers may try to hack the server in order to:
- Steal confidential data: Attacks on RDP can be aimed at finding valuable data such as passwords, credit cards, and corporate secrets.
- Encrypt data and demand a ransom (ransomware): Malware developers can use server access to encrypt data and demand a ransom for decrypting it.
- Install botnet or malware: Attackers can take over the server and use it to deploy a botnet or spread malware.
Benefits of changing the RDP port.
1. Increasing security.
The standard RDP port (3389) is widely known and is often subject to brute force attacks and other types of hacking. Changing the port may make your server less vulnerable to such attacks, as attackers may not be able to detect the port that RDP is running on.
2. Reducing garbage in logs.
Due to brute-force attempts, the standard RDP port can cause a lot of redundant entries in the security logs, making it difficult to monitor and detect real threats. Changing the port can reduce false positives in security logs.
3. Load reduction.
Reducing the number of failed attempts to connect to RDP reduces the load on the server and reduces the amount of entries in the security logs.
4. Increasing privacy.
Changing the RDP port helps to hide the server from automatic detection of intruders, which increases the privacy and security of data on the server.
5. Simplify access control.
If you have multiple servers each listening on different RDP ports, this can simplify access control and avoid conflicts when connecting remotely.
Description of command actions.
To change the RDP port, run a series of commands in PowerShell. Open PowerShell like this: press "Win + X" on your keyboard and select "Windows PowerShell (Admin)" or "Windows Command Prompt (Admin)" (depending on your version of Windows). Run the command: Paste the command below into the PowerShell window. Note that you must have administrator rights on the server to run these commands. Also, you may have a blue PowerShell shortcut icon at the bottom near Start on the taskbar (depending on the version of Windows).
1. This command adds an entry to the Windows registry, changing the RDP port to 50000 (you can change it to your desired port from 49152—65535):
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber" /t REG_DWORD /d 50000 /f;
2. This command in PowerShell adds a rule to the firewall that allows incoming TCP connections on the specified port (50000 in this case).
netsh advfirewall firewall add rule name="RDP-Port" protocol=TCP localport=50000 action=allow dir=IN;
3. This command stops the Terminal Services service (RDP service) and starts the Terminal Services service with the new RDP port.
net stop TermService /y; net start TermService;
After executing these commands, the RDP port will be changed to the specified one (in this case, 50000) and the firewall will be configured to allow connections through the new port. You should then be able to connect to the server through the new RDP port.
Full command to change RDP port:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber" /t REG_DWORD /d 50000 /f; netsh advfirewall firewall add rule name="RDP-Port" protocol=TCP localport=50000 action=allow dir=IN; net stop TermService /y; net start TermService;
Command execution results:
After executing the command to change the RDP port, the user will be logged out of the current session and will have to reconnect using the new port. This is because the RDP service is being reconfigured and restarted with the new port settings. Due to the port change, the user will need to connect using the new port, such as "IP address:port".
Conclusion.
Changing the port for RDP on Windows Server is an additional security measure that helps reduce the risk of attacks and improve data privacy on the server. However, keep in mind that this is only one aspect of security, and setting up other security measures is also important for the overall security of the server. It is highly recommended to also use strong passwords, multi-factor authentication and other security measures for your server.