To protect Remote Desktop Connection on Windows Server 2022 using the firewall, restrict RDP access to trusted source addresses and keep the RDP port (3389 by default, on both TCP and UDP) under control. In Windows Defender Firewall with Advanced Security, locate the inbound Remote Desktop rules and set their Scope so that only specific addresses may connect; every other source is dropped before it can even attempt a logon. This removes most brute-force and password-spraying traffic, but it is not a substitute for keeping RDP off the public internet behind a VPN or a Remote Desktop Gateway.
Why Protecting RDP Is Crucial
Remote Desktop Protocol (RDP) is a frequent entry point for attackers: internet-exposed RDP is scanned continuously, and brute-force, password-spraying and stolen-credential logons against it are routine. Failing to secure RDP connections could lead to:
- Data Breaches: Attackers may gain access to sensitive information stored on the server.
- Malware Installation: Unsecured servers are at risk of malware, ransomware, or cryptojacking.
- Network Compromise: Unauthorized access to a server can escalate to other devices in the network.
Securing RDP using firewall rules ensures only authorized connections are allowed, minimizing the risk of attacks.
Steps to Protect Remote Desktop Connection on Windows Server 2022 Using the Firewall
1. Enable Windows Defender Firewall
Before configuring RDP-specific rules, ensure that Windows Defender Firewall is enabled for every profile:
- Open the Start Menu and search for Windows Defender Firewall with Advanced Security.
- In the left-hand pane, right-click Windows Defender Firewall with Advanced Security on Local Computer and select Properties (the Control Panel applet offers the same switch under Turn Windows Defender Firewall on or off).
- Ensure the firewall state is On for the Domain, Private and Public profiles and that inbound connections default to Block. A domain-joined server uses the Domain profile, so enabling only Private and Public leaves it unprotected.
2. Restrict RDP Access to Specific IP Addresses
Restricting RDP connections to known source addresses stops everything else at the firewall, before any credential is even checked.
- Open Windows Defender Firewall with Advanced Security.
- In the left-hand pane, click Inbound Rules.
- Find the rule named Remote Desktop - User Mode (TCP-In). Repeat the steps below for Remote Desktop - User Mode (UDP-In) as well: RDP also uses UDP 3389, and scoping only the TCP rule leaves the UDP listener reachable from anywhere.
- Right-click the rule and select Properties.
- Go to the Scope tab.
- Under Remote IP Address, select These IP addresses and click Add.
- Add the addresses or ranges (for example 203.0.113.10 or 198.51.100.0/24) that are permitted to connect. Use static management addresses or your VPN pool; a dynamic home address will change and lock you out.
- Click OK to save the settings, and keep a non-RDP path to the server (local console, out-of-band management or the hypervisor console) in case the scope is wrong.
3. Change the Default RDP Port
The default RDP port (3389) is the port every scanner and brute-force tool tries first. Moving it cuts the volume of automated attempts, but a port scan still finds the listener and its protocol fingerprint, so treat this as noise reduction rather than security; the scope restriction in step 2 is what actually blocks attackers.
- Open the Registry Editor (press Windows + R, type regedit, and press Enter).
- Navigate to the key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- Locate the PortNumber entry (a DWORD value).
- Right-click it, select Modify, choose Decimal, and change the value to an unused port above 1024 (for example 3390). Check with netstat -an that nothing else is listening on it.
- Update the firewall for the new port. The built-in Remote Desktop rules are fixed to port 3389, so create new inbound rules instead of editing them:
- Go to Inbound Rules in the firewall settings and choose New Rule.
- Select Port, enter the new port for TCP (then create a second rule for UDP), allow the connection, and afterwards open the rule's Scope tab and restrict the remote addresses exactly as in step 2.
- Restart the Remote Desktop Services service (TermService) or reboot; the listener keeps using the old port until then.
Important: Document the new port; clients must now connect as server:port (for example 203.0.113.5:3390).
4. Enable Network Level Authentication (NLA)
Network Level Authentication (NLA) makes the client authenticate through CredSSP before a session is created. Without it, an unauthenticated client gets a full logon screen and the resources behind it; with it, bad credentials are rejected before any session is built.
- Open Server Manager.
- Go to Local Server and click the Remote Desktop value; this opens the Remote tab of System Properties.
- Ensure Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) is checked.
- Click OK to save and apply. The same setting is the registry value UserAuthentication (1 = required) under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.
5. Use Firewall Geo-Blocking
If RDP is only ever needed from certain regions, you can allow only the address ranges registered there. Windows Defender Firewall has no notion of countries, so you must obtain the ranges yourself, and they are large and change over time; attackers also rent infrastructure in any country, so treat geo-blocking as a way to cut noise, not as access control.
- Use a geo-IP database or the regional internet registries' published allocations to collect the ranges for the countries you want to allow.
- In Windows Defender Firewall with Advanced Security, either add the ranges to the Scope of the existing Remote Desktop rules (step 2) or create a custom rule:
- Select Inbound Rules > New Rule.
- Choose Custom, set the protocol to TCP and the local port to the RDP port, and allow the connection.
- Under Scope, add the allowed ranges as the remote IP addresses.
- Save the rule, then disable or scope any other rule that still allows the RDP port from Any address. The firewall allows a packet if any allow rule matches it, so an unscoped Remote Desktop rule left enabled makes the geo list meaningless.
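Steps 1 to 5 above can be applied and verified from an elevated PowerShell session with the built-in NetSecurity cmdlets and the RDP-Tcp registry key. The script below is an added example written for this article, not a script from Microsoft or from the original text; the source addresses, the custom port value and the rule names in it are assumptions to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Applies steps 1 to 5 with the
# NetSecurity module and the RDP-Tcp registry key. The addresses below are
# constructed placeholders: replace them with your management hosts or VPN pool
# before running, otherwise your own session will be locked out.
$AllowedRdpSources = @('203.0.113.10', '198.51.100.0/24')   # assumed admin hosts / VPN pool
$CustomRdpPort     = 0          # e.g. 3390 to move RDP off 3389; 0 keeps the default
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Step 1: every profile on, inbound blocked unless a rule allows it.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block

# Step 2 (step 5 is the same with a longer address list): scope every built-in
# Remote Desktop rule (TCP-In, UDP-In and Shadow) to the allowed sources.
# Scoping only the TCP rule would leave UDP 3389 reachable from anywhere.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AllowedRdpSources -Enabled True

# Step 3 (optional): move the listener. The built-in rules are fixed to 3389,
# so the new port needs its own rules, scoped the same way.
if ($CustomRdpPort -gt 0) {
    Set-ItemProperty -Path $RdpTcpKey -Name PortNumber -Value $CustomRdpPort -Type DWord
    foreach ($proto in 'TCP', 'UDP') {
        $name = "RDP custom port $CustomRdpPort (${proto}-In)"   # assumed rule name
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
                -LocalPort $CustomRdpPort -RemoteAddress $AllowedRdpSources `
                -Action Allow -Profile Any | Out-Null
        }
    }
    # The listener keeps the old port until Remote Desktop Services restarts.
    # This drops the current RDP session: run it from the console or accept the drop.
    Restart-Service -Name TermService -Force
}

# Step 4: require Network Level Authentication (the System Properties checkbox).
Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1 -Type DWord

# Verification: which inbound rules still allow RDP, on which port, from where.
# Any rule listed with AllowedFrom = 'Any' undoes the scope restriction, because
# the firewall allows traffic as soon as one allow rule matches it.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayGroup -eq 'Remote Desktop' -or $_.DisplayName -like 'RDP custom port*' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule        = $_.DisplayName
            Port        = ($_ | Get-NetFirewallPortFilter).LocalPort
            AllowedFrom = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize
"NLA required: $((Get-ItemProperty -Path $RdpTcpKey).UserAuthentication -eq 1)"
```

Run it the first time from the local or hypervisor console: if the client you are sitting on is not in $AllowedRdpSources, the Set-NetFirewallRule line cuts your own RDP session. Leave $CustomRdpPort at 0 unless you really want to move the port; the TermService restart it triggers is disruptive, and the scope restriction does the real work.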
6. Enable Two-Factor Authentication (2FA)
Adding a second factor to RDP logons is strongly recommended. RDP itself has no built-in MFA, so it is added either at the Windows logon (an agent such as Duo Authentication for Windows Logon and RDP) or in front of the server (a Remote Desktop Gateway whose NPS policy uses the Microsoft Entra (Azure AD) multifactor authentication NPS extension, which prompts through Microsoft Authenticator).
- Choose one of those integration points; a push notification to a phone app is the usual second factor.
- Enrol every account that is allowed to log on via RDP, including administrators; an MFA rollout that skips the built-in Administrator account leaves the most valuable account unprotected.
- If the MFA service is cloud-hosted, ensure outbound firewall rules still allow the server to reach the vendor's authentication endpoints, and decide what happens when they are unreachable (failing closed is the safer choice).
7. Implement Brute Force Protection
Brute force and password spraying are the most common ways RDP is compromised. Windows Server 2022 can lock accounts after repeated failures, and the firewall can shut out sources you identify from the logs:
- Set Up Account Lockout Policies:
- Open the Local Group Policy Editor (gpedit.msc); on a domain member, set the same values in a domain GPO instead, since domain policy wins.
- Navigate to:
- Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.
- Set Account lockout threshold (for example 10 invalid attempts), Account lockout duration (for example 15 minutes) and Reset account lockout counter after (15 minutes). Very low thresholds let an attacker lock out legitimate users on purpose, so keep them moderate and rely on NLA and the scope restriction for the rest.
- The built-in Administrator account is exempt from lockout unless the policy Allow Administrator account lockout (available on an updated Windows Server 2022) is enabled; rename or disable that account and give administrators their own named accounts.
- Use Firewall Rules to Block Offending Sources:
- Windows Defender Firewall cannot rate-limit connections; there is no setting that throttles repeated logins. What it can do is block a source outright: create an inbound rule with Action set to Block the connection, scoped to the attacking addresses. Block rules take precedence over allow rules, so such a rule cuts the source off even while the Remote Desktop rule still allows the port.
- Populate that rule from the failed-logon events described in the next step, by hand or with a scheduled script.
8. Regularly Monitor Firewall Logs
Firewall and logon logs show who is knocking and which rules are firing.
- Enable the firewall log first: in Windows Defender Firewall with Advanced Security, open the properties of each profile and under Logging set Log dropped packets to Yes. Entries go to %systemroot%\system32\LogFiles\Firewall\pfirewall.log and record the dropped source address and port.
- Open Event Viewer (eventvwr).
- Navigate to:
Applications and Services Logs > Microsoft > Windows > Windows Firewall With Advanced Security > Firewall, which records rule and profile changes.
- For the logon attempts themselves, review the Security log for event 4625 (failed logon; the IpAddress field holds the source) and 4624 with logon type 10 (successful RDP logon), and Applications and Services Logs > Microsoft > Windows > TerminalServices-RemoteConnectionManager > Operational event 1149 for every client that authenticated to the RDP listener.
- Review these regularly for unauthorized attempts and adjust rules as needed.
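The firewall cannot rate-limit logons (step 7), but the failed-logon events just described (step 8) give everything needed to block persistent sources automatically. The script below is an added example written for this article, not code from the original page: it reads Security event 4625 over a time window, counts failures per source address, and maintains a single inbound Block rule holding the offenders. The threshold, the window, the rule name and the protected management range are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Windows Defender Firewall has no
# rate limiting, so this script turns failed-logon events into a Block rule.
# Threshold, window, rule name and the allow-list below are assumptions.
$Threshold  = 10                              # failures per source before blocking
$Window     = [TimeSpan]::FromMinutes(15)
$BlockRule  = 'RDP brute-force block (auto)'  # assumed rule name
$NeverBlock = @('198.51.100.0/24')            # assumed management network, never blocked

function Test-IPv4InCidr {
    # True if $Ip (IPv4) lies inside $Cidr ('a.b.c.d/n' or a single address).
    # Compares the first n bits of the binary form; IPv6 or garbage returns $false.
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    if (-not $bits) { $bits = 32 }
    try {
        $ipBytes  = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
        $netBytes = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    } catch { return $false }
    if ($ipBytes.Length -ne 4 -or $netBytes.Length -ne 4) { return $false }
    $toBits = { param($b) ($b | ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') }) -join '' }
    $n = [int]$bits
    return (& $toBits $ipBytes).Substring(0, $n) -eq (& $toBits $netBytes).Substring(0, $n)
}

function Get-FailedLogonSources {
    # One object per source address with its count of Security 4625 events since $Since.
    # RDP failures appear as logon type 10 (RemoteInteractive) or type 3 (network),
    # the latter being what a failed NLA pre-authentication looks like.
    param([datetime]$Since)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.EventData.Data
            $type = ($data | Where-Object Name -eq 'LogonType').'#text'
            $ip   = ($data | Where-Object Name -eq 'IpAddress').'#text'
            $user = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            if (($type -in @('3', '10')) -and $ip -and ($ip -notin @('-', '127.0.0.1', '::1'))) {
                [pscustomobject]@{ IpAddress = $ip; User = $user }
            }
        } |
        Group-Object -Property IpAddress |
        ForEach-Object {
            [pscustomobject]@{
                IpAddress = $_.Name
                Failures  = $_.Count
                Users     = (($_.Group.User | Select-Object -Unique) -join ',')
            }
        }
}

function Block-RdpSources {
    # Keeps one inbound Block rule whose remote-address list is the union of
    # everything blocked so far. Block rules win over allow rules, so the source
    # is cut off even though the Remote Desktop rule still allows the port.
    param([string[]]$Addresses)
    $rule = Get-NetFirewallRule -DisplayName $BlockRule -ErrorAction SilentlyContinue
    if (-not $rule) {
        New-NetFirewallRule -DisplayName $BlockRule -Direction Inbound -Action Block `
            -RemoteAddress $Addresses -Profile Any | Out-Null
    } else {
        $existing = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        $merged   = @(@($existing) + $Addresses | Where-Object { $_ -and $_ -ne 'Any' } | Select-Object -Unique)
        Set-NetFirewallRule -DisplayName $BlockRule -RemoteAddress $merged
    }
}

$sources = Get-FailedLogonSources -Since ((Get-Date) - $Window) |
    Where-Object { $_.Failures -ge $Threshold }
$toBlock = foreach ($s in $sources) {
    $protected = $NeverBlock | Where-Object { Test-IPv4InCidr -Ip $s.IpAddress -Cidr $_ }
    if (-not $protected) { $s.IpAddress }
}
if ($toBlock) { Block-RdpSources -Addresses @($toBlock) }
$sources | Format-Table -AutoSize
```

Run it from a scheduled task every few minutes under an account that can read the Security log. Two caveats: blocks never expire as written, so clear the rule's address list on a schedule (or extend the script to keep timestamps) to avoid accumulating stale entries; and the Users column is worth watching, because many failures against a single valid account from one source are also a sign that the account lockout policy in step 7 is about to fire against a legitimate user.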
9. Use Group Policy for Centralized Control
For organizations managing multiple servers, Group Policy allows centralized configuration of firewall rules.
- Open Group Policy Management on the domain controller.
- Create or modify a Group Policy Object (GPO).
- Navigate to:
Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security.
- Define the inbound Remote Desktop rules with their Scope there and link the GPO to the servers' OU. Rules delivered by policy are merged with locally defined rules by default, so also review the profile setting Apply local firewall rules if local rules must not be able to widen what the GPO allows.
10. Update Windows Server Regularly
Ensuring your server is updated protects against vulnerabilities that attackers may exploit.
- Open Settings and go to Update & Security.
- Check for updates and install them promptly.
- Schedule regular updates during maintenance windows to minimize disruption.
Additional Best Practices for RDP Security
- Disable Remote Desktop if Not in Use: Turn off RDP when not needed (System Properties > Remote > Don't allow remote connections to this computer, or registry value fDenyTSConnections = 1) to minimize exposure, and disable the Remote Desktop firewall rules at the same time.
- Use a VPN or Gateway: Do not expose 3389 to the internet. Restrict RDP to the VPN address pool, or publish it through a Remote Desktop Gateway, which tunnels RDP over HTTPS and can enforce MFA and per-user connection policies.
- Enable Logging: Keep the Security and TerminalServices event logs long enough to investigate (raise the log size or forward them to a collector) so that every RDP logon can be reconstructed after the fact.
- Limit Who Can Log On: By default only members of Administrators and Remote Desktop Users may connect. Keep Remote Desktop Users small, give administrators dedicated admin accounts, and use the user rights Allow log on through Remote Desktop Services and Deny log on through Remote Desktop Services (Local Policies > User Rights Assignment) to exclude service and shared accounts.
Conclusion
Protecting Remote Desktop Connection on Windows Server 2022 using the firewall is a critical step in protecting your server from attack. By leveraging the built-in Windows Defender Firewall, implementing the configurations above, and following these best practices, you remove most of the opportunistic traffic that hits exposed RDP and make the rest much harder to exploit. Whether you manage a single server or an entire network, these measures substantially reduce the risk to your RDP sessions; combined with a VPN or gateway and MFA, they keep RDP usable without leaving it as an open door.