Solved

Is having port 3389 open on my Server 2012 RDP server risky?

Posted on 2016-08-12
Last Modified: 2016-08-22
Question by:dannyfccs
6 Comments
 
LVL 32

Accepted Solution

by:
it_saige earned 500 total points
ID: 41753991
The cold hard truth is that *any* open port is a potential security threat. Internal, external; it does not matter, you are still allowing access to something via a communications port. In most instances, the port is well-known, well-defined and, in and of itself, the communication poses little to no threat to system integrity. In your case you are allowing access to the system in question via 3389, the default RDP port. Now all a potential attacker needs to do is get past Windows security.

In order to minimize the threat level, most admins will do any (or all) of the following:

A.  Change the port.
B.  Provide a proxy to the port.
C.  Restrict access to the port (this can be accomplished in a multitude of ways; e.g. - targeted source/destination firewall rules).

-saige-
1
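
An added example, not part of the original answer: a PowerShell audit for option C that also accounts for option A by reading the listener port from the registry instead of assuming 3389. It assumes the built-in Windows Firewall with locally defined rules (not rules delivered by Group Policy); `$AllowedSources` is a constructed placeholder and `Test-PortCovered` is a helper written for this example.

```powershell
# Added example (not from the original thread): find inbound allow rules that cover the
# RDP listener port and, with -Apply, limit them to an allow-list of source addresses.
param(
    # Constructed placeholder (documentation range); replace with your real admin/VPN sources.
    [string[]]$AllowedSources = @('203.0.113.0/24'),
    [switch]$Apply
)

# Option A may have moved the listener, so read the configured port instead of assuming 3389.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = [int](Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

function Test-PortCovered([string[]]$LocalPort, [int]$Port) {
    # LocalPort entries are single ports ('3389') or ranges ('3000-4000').
    foreach ($entry in $LocalPort) {
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -eq "$Port") { return $true }
    }
    return $false
}

$findings = foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow)) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'UDP') { continue }
    if (-not (Test-PortCovered $portFilter.LocalPort $rdpPort)) { continue }

    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        OpenToAny     = ($remote -contains 'Any')
    }
}

$findings | Format-Table -AutoSize

if ($Apply) {
    # Option C: restrict every matching rule that currently accepts any source address.
    foreach ($f in $findings | Where-Object OpenToAny) {
        Set-NetFirewallRule -Name $f.Name -RemoteAddress $AllowedSources
    }
}
```

Run it without `-Apply` first and confirm that the address you are connecting from is inside `$AllowedSources`; otherwise applying the change cuts off the RDP session you are using.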
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41754210
I agree that any port open is risky.

You should not expose RDS to the internet. Set up a VPN and allow your users to connect to that first. Or a Remote Desktop Gateway server. Exposing ANY port to the internet is risky for any reason and it's generally considered safer to allow access through VPN or RD Gateway instead of direct RDS.
0
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41754809
Yes it is.
0

 
LVL 27

Expert Comment

by:serialband
ID: 41754893
Only if it's directly on the internet.  If it's only accessible within your secure, local network you should have no problems.
0
 

Author Comment

by:dannyfccs
ID: 41766093
What alternatives would you use to RDP 3389 then?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41766354
I'll repeat:
Set up a VPN and allow your users to connect to that first. Or a Remote Desktop Gateway server.
0
