Since I have come across this a few times this past month, it is important I write an in-depth article on the steps necessary to change the default RDP port. This will mostly be applicable for Windows 10 users.
You probably already know that the default port for RDP (Remote Desktop Protocol) is 3389 TCP/UDP. If you know this, chances are that every hacker out there knows this too.
To keep your computer safe from Internet attacks, you may consider changing it. I always recommend this especially since online privacy and security should not be compromised.
Changing it is a beginner-to-intermediate task, and as long as you follow the guide without skipping any of the steps, you will be just fine.
The main points to note before starting are that you will need to alter settings in the Windows registry, as well as add a few rules to the Windows firewall.
What is RDP (Remote Desktop Protocol)?
Before delving into how to change the default RDP port, let me give some detailed explanation of RDP. If you are already familiar with this, you can jump to the next section, where I take you through a step-by-step guide.
The Microsoft proprietary protocol known as RDP, or Remote Desktop Protocol, is responsible for enabling remote access or connections to computers.
It does this using the default TCP 3389 port. The protocol makes use of an encrypted channel to provide network access. This protocol is especially important to network admins, who find it to be a useful tool for logging in to servers, diagnosing issues, and performing other remote operations.
Users would also find it beneficial for remotely accessing an organization’s network, using files and services remotely.
Cyber threat actors (CTAs), or hackers, also find this to be a very important tool and would use the protocol to gain access to devices and networks in cases where RDP ports are misconfigured.
Once in, they have access to the entire network and would be able to escalate user privileges, access sensitive and confidential files, inject malware and gain access to vital credentials.
When CTAs use this protocol, they are able to keep a low profile especially since they are using a trusted network service. Using a range of tools, they would be able to scan internet devices for open RDP ports.
Once these are located, with some brute force, they may be able to gain access to a vulnerable organization’s network. Unfortunately, a lot of compromised RDP credentials are on sale in the black market of the dark web.
The MS-ISAC in 2018 documented a spike in ransomware variants. Most of these were seen to be strategically targeted at networks through poorly secured or misconfigured RDP ports, and in some cases password brute force attacks.
Recommendations For RDP
Examine the requirement for RDP, port 3389, to be open on workstations and, if necessary, do the following:
- Install a firewall in front of any machine with an active RDP port and require users to connect through a VPN.
- To protect against brute-force attacks, use multi-factor authentication, strong passwords, and account lockout rules.
- Connections to certain trustworthy hosts should be whitelisted.
- If feasible, limit RDP logins to approved non-administrator accounts. Follow the principle of least privilege, making sure that users only have the access they need to do their tasks.
- Keep logs and review them. RDP login attempts should be checked for unusual behavior and kept for at least 90 days. Ensure that this service is only accessible by authorized users.
If RDP isn’t needed, check on a frequent basis that the ports are protected.
Make sure the cloud-based solutions follow your cloud service provider’s best practices. After you’ve set up your cloud infrastructure, make sure RDP ports aren’t activated unless it’s for special reasons.
Activate automatic updates on the operating system to make sure that the client and server software is up to date.
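The log review recommended above can be done with a short script. This is an added example, not part of the original article: it summarises failed remote logons (Security event 4625) per source address, and the review window and threshold are assumptions to adjust.

```powershell
# Added example: summarise failed remote logons from the Security log.
# Run from an elevated PowerShell prompt.
$Since     = (Get-Date).AddDays(-1)   # review window (assumption)
$Threshold = 10                       # failures per source worth a look (assumption)

$Filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
$Failures = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named data fields into a lookup table.
        $Data = @{}
        foreach ($Field in ([xml]$_.ToXml()).Event.EventData.Data) {
            $Data[$Field.Name] = $Field.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = $Data['TargetUserName']
            Source    = $Data['IpAddress']
            LogonType = $Data['LogonType']
        }
    } |
    # 10 = RemoteInteractive (RDP). 3 = Network, which is how failed RDP
    # logons are recorded when Network Level Authentication is on; type 3
    # also covers other network logons such as file shares.
    Where-Object { $_.LogonType -in '3', '10' -and $_.Source -and $_.Source -ne '-' }

# One row per source address that reached the threshold, busiest first.
$Failures | Group-Object Source |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'Source';   e = { $_.Name } }, Count,
        @{ n = 'Accounts'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } },
        @{ n = 'First';    e = { $_.Group.Time | Sort-Object | Select-Object -First 1 } },
        @{ n = 'Last';     e = { $_.Group.Time | Sort-Object | Select-Object -Last 1 } }
```

A source that appears here with many different account names is the pattern to look at first, since it matches the password brute-force activity described earlier.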
Change RDP Default Port: Step-By-Step
The first step of this process is changing the RDP port in the registry.
Here is the process for it:
Step 1: Open the Registry Editor (Regedit). Use the keyboard hotkey Windows + R to open the Run box, type “Regedit”, and press Enter or click the OK button.
When the registry editor opens, navigate to the following location on your left pane:
After clicking on RDP-TCP, select the port number option in the right pane.
You should get a pop-up box. Select the Decimal radio button first, then in the Value data textbox replace the current value with the new port number, 3489 or some other value you choose, and click OK.
Now that we are done with the registry part of the “Change RDP Default Port” process, you can close the Registry Editor and proceed to the next stage of the process.
This next step would make sure that traffic can pass through the newly assigned Remote Desktop Port.
Here are the steps:
On your Windows 10 PC, navigate to Control Panel, All Control Panel Items, and then Windows Firewall.
On the left pane, select the option for Advanced settings.
On the left pane of the new window, select the option for inbound rules, then click on the new rule option.
On the first window that appears, select the port option and click the Next button.
On the next window, select the “TCP” protocol option (this may be the default). Change the value of the “Specific local ports” option to the new RDP port number you set in the registry. After this, click on the Next button.
When the next window appears, leave all the settings in the defaults and click on the Next button.
After this, you would have the option to apply the rule to all your network profiles, click the Next button.
In the next screen that appears you would need to type a recognizable name in the name textbox. You should choose any name that you like for this section. Once it is done, click the Next button again.
Once this is done, repeat the steps from the point where you created a new inbound rule. When you get to the step where you selected TCP, this time select the option for UDP.
Restart your PC after establishing the 2 (two) incoming rules, and you’ll be able to connect to your computer from a remote desktop using the newly created port number.
Suppose you are using the custom RDP port number 8888; then you need to enter the address with the port appended, like Remote_IP_address:8888
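The registry and firewall steps above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original article: the registry path is the location of the RDP-Tcp listener settings documented by Microsoft, the port is the article's example value, and the trusted address is a constructed placeholder that applies the whitelisting recommendation from earlier.

```powershell
# Added example: change the RDP port and open it in the firewall.
# Run from an elevated PowerShell prompt.
$NewPort      = 3489              # example value used in this article
$TrustedHosts = '203.0.113.10'    # constructed placeholder; use your own hosts
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Stay above the well-known range (a choice made for this example) and
# refuse a port that another service is already listening on.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1024-65535."
}
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use."
}

# Note the current port so the change can be reverted.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $OldPort"

# Registry step: PortNumber is a DWORD; the value is given in decimal.
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# Firewall step: one inbound allow rule per protocol, applied to all
# profiles (the default) and limited to the trusted hosts.
foreach ($Proto in 'TCP', 'UDP') {
    $Rule = @{
        DisplayName   = "RDP custom port $NewPort ($Proto)"
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $Proto
        LocalPort     = $NewPort
        RemoteAddress = $TrustedHosts
    }
    New-NetFirewallRule @Rule | Out-Null
}

# Confirm both changes, then restart the PC as described in the steps above.
Write-Host "Registry now holds port:" (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Get-NetFirewallRule -DisplayName "RDP custom port $NewPort*" |
    Select-Object DisplayName, Enabled, Direction, Action
```

Make the change from a console session or keep another way in, because a mistyped port or rule will lock out remote access after the restart.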
Change RDP Default Port FAQ
Does (RDP) Remote Desktop use any additional ports to transmit traffic?
The one port specified above will be used for primary remote desktop communication. Streaming will be tried directly over UDP if sound is enabled. If this connection isn’t possible, Remote Desktop will use the primary remote desktop port to transmit sound via a virtual channel.
Why do you get an error message that says “Insufficient privileges”?
You do not have permission to connect to the session you are attempting to connect to. It’s very probable that you’re attempting to log in to an administrator session.
The console can only be accessed by administrators. In the remote desktop’s advanced settings, be mindful that the console switch is disabled. Please contact your system admin for additional help if this is not the cause of the issue.
What caused the “Access Denied” error?
The Remote Desktop Gateway generates the “Access Denied” error as a consequence of improper credentials being entered during the connection attempt. Double-check that your password and username are correct.
If the connection functioned before but the problem happened later, it’s possible that you modified the Windows user account credentials and they have not been updated in the remote desktop settings yet.
Final Words on Change RDP Default Port
Changing the RDP port in Remote Desktop is one of your best bets to prevent hackers from targeting your remote clients. How to change the RDP port has been discussed in this article.
Windows Remote Desktop (RDP) is a built-in Windows function that enables you to access machines on your network from anywhere in the world. You can view and access all of the applications and data on a remote computer, as well as do all of the tasks that you would perform on a regular/local desktop computer.
This capability has been used to access computer terminals that do not have a display or keyboard connected to them at all times, such as PCs, servers in the server room, or simply someone else’s client for tech assistance.
Because the Windows remote desktop (WRD) connection has been discovered as having certain vulnerabilities, hackers are keen to utilize it as a key point of attack. Remote Client Protection is a serious concern for IT departments all over the world, and changing the port as discussed in this article is a good way to go.