Is having port 3389 open on my server 2012 RDP server risky

Posted on 2016-08-12
Last Modified: 2016-08-22
Is having port 3389 open on my server 2012 RDP server risky
Question by:dannyfccs

Accepted Solution

it_saige earned 500 total points
ID: 41753991
The cold hard truth is that *any* open port is a potential security threat. Internal, external; it does not matter, you are still allowing access to something via a communications port. In most instances, the port is well-known, well-defined and, in and of itself, the communication poses little to no threat to system integrity. In your case you are allowing access to the system in question via 3389, the default RDP port. Now all a potential attacker needs to do is get past Windows security.

In order to minimize the threat level, most admins will do any (or all) of the following:

A.  Change the port.
B.  Provide a proxy to the port.
C.  Restrict access to the port (this can be accomplished in a multitude of ways; e.g. - targeted source/destination firewall rules).
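
One way to apply option C on the server itself with Windows Firewall, as an added example that is not part of the original answer. It reports every enabled inbound allow rule covering the RDP port and previews scoping any rule open to all sources; `$AllowedSources` is an assumed sample range standing in for your VPN or management subnet.

```powershell
# Added example (not from the original thread).
# Assumption: 10.10.0.0/24 is a constructed sample range; replace it with
# the VPN or management subnet that should be allowed to reach RDP.
$AllowedSources = @('10.10.0.0/24')

# Read the port RDP actually listens on. It is 3389 by default; option A
# (changing the port) modifies this registry value.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey).PortNumber

# Enabled inbound allow rules whose local port list names the RDP port.
# Port ranges (for example "3000-4000") are not expanded by this check.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$rdpPort"
    }

foreach ($rule in $rdpRules) {
    $addr = $rule | Get-NetFirewallAddressFilter

    # Report the current scope of each rule.
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $addr.RemoteAddress -join ','
    }

    # A RemoteAddress of 'Any' means every source that can route to the
    # server may attempt a logon. -WhatIf only previews the change;
    # remove it to restrict the rule to $AllowedSources.
    if ($addr.RemoteAddress -contains 'Any') {
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSources -WhatIf
    }
}
```

Run it from an elevated PowerShell session on the RDP server. It only covers the host firewall; any perimeter firewall or NAT rule forwarding the port needs the same source restriction.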


Expert Comment

by:Lee W, MVP
ID: 41754210
I agree that any port open is risky.

You should not expose RDS to the internet. Set up a VPN and allow your users to connect to that first. Or a Remote Desktop Gateway server. Exposing ANY port to the internet is risky for any reason and it's generally considered safer to allow access through VPN or RD Gateway instead of direct RDS.

Expert Comment

by:Senior IT System Engineer
ID: 41754809
Yes it is.


Expert Comment

ID: 41754893
Only if it's directly on the internet.  If it's only accessible within your secure, local network you should have no problems.

Author Comment

ID: 41766093
What alternatives would you use to RDP 3389 then?

Expert Comment

by:Lee W, MVP
ID: 41766354
I'll repeat:
Set up a VPN and allow your users to connect to that first. Or a Remote Desktop Gateway server
