Hello everyone and welcome to Virtualization Times Jun (XNHCYL).
"Hello, I am Virtualization Times, a technology geek devoted to the Internet. Every day I share technology, tutorials, software, resources and benefits that may interest you (daily updates without interruption; don't miss the benefits)."
Chapter I. Why change port 3389
Changing Microsoft's port 3389 (the default port of the Remote Desktop Protocol, RDP) is a common hardening step for several reasons:
1. **Reducing the risk of brute-force attacks**
Default port prevalence: 3389 is the default RDP port, and attackers usually scan well-known ports for potential targets. Moving the listener to another port lowers the probability of being found by such scans.
Increased attack effort: a non-standard port forces the attacker to spend more time and effort discovering the service before attacking it, which reduces the chance of a successful intrusion.
2. **Enhanced security**
Level of security: changing the port does not prevent attacks by itself, but it works as a "security through obscurity" layer that makes it harder for attackers to break in.
Combined with other measures: together with strong passwords, two-factor authentication, a VPN and similar controls, the overall security of the system improves significantly.
3. **Reduction of log noise**
Reduce Invalid Login Attempts: There are usually a large number of automated attack attempts on the default port. By changing the port, these invalid login attempts can be reduced, resulting in clearer logs that are easier to monitor and analyze.
4. **Compliance requirements**
Meet security standards: Some industries or organizations may have specific security compliance requirements that require modifications to the default port to reduce security risks.
5. **Prevention of automated attacks**
Against automated tools: Many attack tools automatically scan for default ports. By changing the port, you can effectively prevent attacks from these tools.
Chapter II. How to change it
1. Run the following at the command line; the value after /d (13389 here) is the port number you want to change to:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 13389 /f
2. Restart the Remote Desktop services so the change takes effect immediately:
net stop UmRdpService
net stop TermService
net start TermService
net start UmRdpService
3. Add a firewall rule for the new TCP port (the program= parameter pointing at a bare %SystemRoot%\system32\ directory has been dropped; as explained below, a rule bound to a directory path never matches, and allowing the port alone is the recommended form):
netsh advfirewall firewall add rule name="Remote Desktop 13389/tcp" dir=in localport=13389 protocol=tcp action=allow
4. Add a firewall rule for the new UDP port:
netsh advfirewall firewall add rule name="remote desktop13389/udp" dir=in localport=13389 protocol=udp action=allow
**Explanation of the command**
netsh advfirewall firewall add rule: the base command for adding a firewall rule.
name="Remote Desktop 13389/tcp": a name for the rule so it is easy to identify later (the same name is used when querying the rule).
dir=in: the rule direction is inbound, i.e. it governs traffic entering the computer.
program="%SystemRoot%\system32\...": the path of the program the rule is bound to. The original command points at the generic service host process under system32, which is shared by many Windows services, so binding a rule to it is not recommended. Omit this parameter and allow the port alone.
localport=13389: the local port number to allow.
protocol=tcp: the protocol the rule matches (tcp or udp; one rule is needed for each).
action=allow: the rule's action is "allow".
5. Check that the firewall rules are in effect (the name must match the one used when the rule was added):
netsh advfirewall firewall show rule name="Remote Desktop 13389/tcp" verbose
netsh advfirewall firewall show rule name="remote desktop13389/udp" verbose
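The whole procedure above (registry value, service restart, firewall rules, verification) as one PowerShell script. This is an added example, not code from the original post; it assumes the new port is 13389 and adds the firewall rules before the listener moves, so that an administrator doing this over an RDP session is not locked out. The port-in-use check and the listener verification are additions beyond the post's steps.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): move the RDP listener to a new port.
param([ValidateRange(1025, 65535)][int]$NewPort = 13389)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort, requested: $NewPort"

# Refuse a port that another service already listens on; RDP would fail to bind silently.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use; choose another port."
}

# Step 3/4 first: if this script runs over RDP, the rules must exist before the listener moves.
# No program binding, matching the post's advice to allow the port alone.
foreach ($proto in 'TCP', 'UDP') {
    $name = "Remote Desktop $NewPort/$proto"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
            -LocalPort $NewPort -Action Allow | Out-Null
    }
}

# Step 1: same REG_DWORD value the post's reg add command writes.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# Step 2: restart the listener. -Force also restarts UmRdpService, which depends on TermService.
Restart-Service -Name TermService -Force

# Verification: TermService must now listen on the new port before the old session is dropped.
Start-Sleep -Seconds 3
$listen = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if (-not $listen) {
    throw "Nothing is listening on $NewPort; check the System event log before disconnecting."
}
Write-Host "RDP now listens on $NewPort (owning process $($listen[0].OwningProcess))."

# Step 5 equivalent of 'netsh advfirewall firewall show rule': list the port filters of the new rules.
Get-NetFirewallRule -DisplayName "Remote Desktop $NewPort/*" |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
```

The built-in "Remote Desktop" rule group still allows 3389 after this change; once the new port is confirmed working, that group can be disabled so the old port is no longer open.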