Question: How to properly set up RDP for Windows?

Jun 30, 2024
Hi everyone! I have a dedicated Windows server machine that I rent from a data center company. I need to use the machine, so I have RDP open to the internet so I can access it via my personal computer. I'd like to secure this properly, and the best answer I always hear is to close that port to the internet and use a VPN. Now, from my understanding, doesn't that mean I'd have to rent a whole other server and run a VPN on it and then allow that server's local IP to allow RDP through?

I'm a bit lost on how to set up any of this "proper" solution to protect my RDP server.
If someone could shed more information and/or details about this solution, that'd be greatly appreciated.
Thanks!
 
Jun 30, 2024
Thanks for the reply; however, this post has nothing that helps my situation. That post had only 2 pieces of information: "port forward" and "use a vpn". The "use a vpn" part, of course, says nothing specific, nor anything about my situation, since I cannot control things inside the data center.
 
There is a security risk because if you expose a port to the public internet, within hours every web crawler will know about it and shortly afterwards, people will start trying to break in. This is why it's usually suggested to use a VPN rather than directly RDP over the internet nowadays.

If you are comfortable with the risk, just use a really strong password for Windows login on the server--Windows allows 127 characters. The data center though must be willing to enable port forwarding on their router and assign you a port (as it's likely the default 3389 is already in use), and they can define which source IP or network range can use the port mapping, so you could specify only your home and/or work ones can open it. If they won't, then you have to use a VPN which makes your client appear to be on their local network. Those use VPN ports, which should already be open.

While a VPN is normally a service you buy from a VPN provider (there are free ones that are slow, but realize the VPN provider can see and log everything you do, so it should be someone you trust), if you aren't trying to access region-locked content, then you could roll your own. Usually at home you would run a VPN server on your router, but you should be able to run Windows VPN software right on the data center server like WireGuard, OpenVPN or Algo.
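
The setup described in the reply above (VPN software on the rented server itself, with RDP reachable only through the tunnel) can be enforced in the server's own Windows Firewall. The script below is an added example, not part of the original posts. It assumes a tunnel subnet of 10.8.0.0/24, a WireGuard listener on UDP 51820, and the English rule group name "Remote Desktop"; the rule name it creates is likewise made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values (not from the thread): tunnel subnet 10.8.0.0/24,
# WireGuard listening on UDP 51820, English rule group name 'Remote Desktop'.
param(
    [string]$VpnSubnet     = '10.8.0.0/24',
    [int]   $WireGuardPort = 51820,
    [switch]$Apply          # without -Apply the script only reports
)

# 1. Report the current source scope of every inbound RDP rule.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound'
foreach ($rule in $rdpRules) {
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    '{0,-45} enabled={1} remote={2}' -f $rule.DisplayName, $rule.Enabled, $scope
}

# 2. Report whether Network Level Authentication is required (1 = required).
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
"NLA required: $((Get-ItemProperty -Path $rdpTcp).UserAuthentication -eq 1)"

if (-not $Apply) { return }

# 3. Refuse to narrow RDP unless the VPN is actually listening; otherwise the
#    change would cut off the only remaining way into a remote machine.
if (-not (Get-NetUDPEndpoint -LocalPort $WireGuardPort -ErrorAction SilentlyContinue)) {
    throw "Nothing is listening on UDP $WireGuardPort; start the tunnel first."
}

# 4. Allow the VPN handshake from the internet, then scope RDP to the tunnel only.
$vpnRuleName = 'WireGuard in (example)'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $vpnRuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $vpnRuleName -Direction Inbound `
        -Protocol UDP -LocalPort $WireGuardPort -Action Allow | Out-Null
}
$rdpRules | Set-NetFirewallRule -RemoteAddress $VpnSubnet
Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1

# 5. Confirm the result: every RDP rule should now list only the tunnel subnet.
$rdpRules | Get-NetFirewallAddressFilter | Select-Object InstanceID, RemoteAddress
```

Run it once without `-Apply` to see the current exposure, then connect through the tunnel and confirm RDP works over it before running with `-Apply`. The same `-RemoteAddress` scoping accepts a list of fixed home or work addresses instead of a tunnel subnet.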