Is having port 3389 open on my Server 2012 RDP server risky?

Posted on 2016-08-12
Last Modified: 2016-08-22
Question by:dannyfccs
LVL 33

Accepted Solution

it_saige earned 500 total points
ID: 41753991
The cold hard truth is that *any* open port is a potential security threat. Internal, external; it does not matter, you are still allowing access to something via a communications port. In most instances, the port is well-known, well-defined and in and of itself, the communication poses little to no threat to system integrity. In your case you are allowing access to the system in question via 3389, the default RDP port. Now all a potential attacker needs to do is get past Windows security.

In order to minimize the threat level, most admins will do any (or all) of the following:

A.  Change the port.
B.  Provide a proxy to the port.
C.  Restrict access to the port (this can be accomplished in a multitude of ways; e.g. - targeted source/destination firewall rules).
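
Option C above, sketched with the built-in NetSecurity cmdlets on Server 2012. This is an added example, not part of the original answer: it reports every enabled inbound allow rule covering the RDP listener port and, with `-Apply`, scopes rules open to any source down to a list of allowed sources. The subnet `10.0.50.0/24` is a constructed placeholder for a VPN or management network.

```powershell
# Added example: audit inbound RDP firewall rules and restrict their source scope.
# Assumption: 10.0.50.0/24 is a placeholder for your VPN/management subnet.
param(
    [string[]]$AllowedSources = @('10.0.50.0/24'),
    [switch]$Apply   # without -Apply the script only reports
)

# Read the port RDP actually listens on (3389 unless option A was applied).
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# Enabled inbound allow rules that name the RDP port explicitly.
# Rules that use a port range or LocalPort 'Any' are not matched here.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains "$rdpPort" } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
    }

foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $open   = $remote -contains 'Any'

    # One report row per rule so exposure is visible before anything changes.
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        OpenToAny     = $open
    }

    if ($open -and $Apply) {
        # Limit the rule to the allowed sources. Other sources are then dropped,
        # assuming the profile's default inbound action is Block.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSources
    }
}
```

Run it once without `-Apply` from an elevated session to review the report, and make sure your own source address is inside `$AllowedSources` before applying over an RDP session.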

LVL 95

Expert Comment

by:Lee W, MVP
ID: 41754210
I agree that any port open is risky.

You should not expose RDS to the internet. Set up a VPN and allow your users to connect to that first. Or a Remote Desktop Gateway server. Exposing ANY port to the internet is risky for any reason and it's generally considered safer to allow access through VPN or RD Gateway instead of direct RDS.

Expert Comment

by:Senior IT System Engineer
ID: 41754809
Yes it is.

LVL 29

Expert Comment

ID: 41754893
Only if it's directly on the internet.  If it's only accessible within your secure, local network you should have no problems.

Author Comment

ID: 41766093
What alternatives would you use to RDP 3389 then?
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41766354
I'll repeat:
Set up a VPN and allow your users to connect to that first. Or a Remote Desktop Gateway server


Question has a verified solution.