Question

1. What is RDP default listening port? Explain in depth, why its a bad idea to leave default settings?

2. Are you able to connect to the virtual lab machine via RDP? If you could not connect, explain the reason why in details

Answer 1

Remote Desktop Protocol(RDP) is a communication protocol developed by Microsoft which gives a graphical interface to the user to connect to another computer or pc over a network connection. The user make use of RDP client software for this purpose, while the other computer will run RDP server software.

For most versions of Microsoft Windows , Linux, Unix, MacOS, iOS, Android, and other operating systems there were clients. RDP servers are built for Windows operating systems but there is an RDP server for Unix and OS X(MacOS) also. By default basically server listens on TCP Port 3389 and UDP Port 3389(TCP Port 3389 is used for RDP and is also sometimes used by Windows Terminal Server. You can choose to allow or open this port in Windows Firewall to provide another computer, either on the same network or another network, access to your computer.) For Remote Desktop Connection Microsoft currently referring to their official RDP client software , formerly there was "Terminal Services Client".

The first version of RDP was named as version 4.0 was introduced by Microsoft with "Terminal Services", as of a part of their product Windows NT 4.0 Server which is Terminal Server Edition.

The latest version of RDP is Version 10.0. It includes the new features like Auto Size zoom and in addition graphics compression improvements utilizing Advanced Video Coding.

It is a bad idea to leave default settings because for many years now, Microsoft has offered you a system with Windows that allows you to access another machine. RDP often uses a particular port that is easy to trace out in a scan. And unfortunately, the default account username for an admin is Administrator. Then it is not a secret that having a poor password policy is not good for server security, here it can mean that hackers able to try huge amounts of passwords even before anyone is alerted or an account is locked out. Once an attacker gets admin access, then he can deliver specialized malware or remote access tools that can be even almost impossible for any security solution to detect. Maximum damage can be done with admin privileges and route access to the desktop.

This is why its a bad idea to leave default settings but preventing such brute force attacks isn’t as complicated as it may seem. You can make use of a few actions to keep your system safe.

1.Prevent scanning for an open port:

i) Change default RDP port from 3389 to another unused port.

ii) Block RDP (port 3389) via firewall.

iii) Restrict RDP to a white listed IP range.

2.Prevent attackers from gaining access when RDP is enabled:

If it is an organization then create a Group Policy Object (GPO) to enforce strong password policy (GPOs are important and should be common practice for your organization)

3.Require two-factor authentication.

You can use RDP connection to remotely access Windows VM running in Skytap. You can even use RDP to directly connect to Linux VM that are running an RDP service such as xrdp.

But unlike SmartRDP, a direct RDP connection requires the following:

1.An open RDP port (port 3389) on the VM network adapter.

2.Configuration of the VM guest operating system to support remote desktop access.

To configure a VM for RDP access: In Skytap, open RDP port (port 3389) on the VM network adapter

Create a published service for Windows RDP (port 3389) on the VM network adapter.

3.Once you’ve configured the VM for access, download the RDP file from Skytap and open it with an RDP client on your local machine.

You may get some general errors while you make a Remote Desktop Protocol (RDP) connection to a Windows Virtual Machine (VM) in Azure.

1.Remote access to the server is not enabled

cause:The RDP component is disabled either at the component level or at the listener level or on the terminal server or on the Remote Desktop Session Host role.

2.The remote Computer is turned off

cause:Remote Desktop Services isn't running.

3.The remote computer is not available on the network

cause:The RDP listener is misconfigured.