[SOLVED] Securing Win10 RDP connection

JD007

Hi Guys,

Currently, I am using the Win10 RDP client to connect to work and do some work. I have read up on the security issues, and people are saying it is insecure and recommending other apps such as TeamViewer etc. The reason I am using Win10 RDP is that I found it is faster than the TeamViewer app. I searched the internet and implemented a few changes to Win10 RDP, and I am wondering if these steps are sufficient to protect the connection, or still not enough and I should move on to TeamViewer.

  1. Changed the port number from the default port. Also, a firewall rule created to block port 3389
  2. In Windows Firewall, a rule added to connect to only a specific IP address (static IP from home added)
  3. 18-digit-long password: lower/upper case, alphanumeric, special characters
  4. In Windows policy, activated account lockout after 3 attempts
  5. NLA authentication enabled
  6. Added my profile only to accept the connection, removed everyone
  7. Made a few changes in Local Group Policy -> Remote Desktop -> Security: connection encryption level to high, require use of specific security layer to SSL

Will the above changes serve the purpose, or will I still be exposed to risk? Any input will be valuable.

Thanks in advance
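
A read-only check of items 1, 2, 5, 6 and 7 from the list above, added here as an example and not part of the original post. It assumes the standard Terminal Services registry locations and the built-in NetSecurity and LocalAccounts cmdlets on the PC that accepts the connection; password strength and lockout policy are not covered.

```powershell
# Added example: read-only audit of the RDP host settings from the list above.
# Run in an elevated Windows PowerShell session on the PC that accepts RDP.
$rdpTcp    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpSetting([string]$Name) {
    # A value set through Group Policy takes precedence over the local one.
    foreach ($key in $policyKey, $rdpTcp) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
}

$port  = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
$nla   = Get-RdpSetting 'UserAuthentication'   # 1 = NLA required
$layer = Get-RdpSetting 'SecurityLayer'        # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
$enc   = Get-RdpSetting 'MinEncryptionLevel'   # 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS

# Enabled inbound allow rules that name the RDP port exactly (rules scoped to
# "Any" port or to a port range are not matched here), with their remote scope.
$scopes = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = $addr -join ',' }
    })
$openRules = @($scopes | Where-Object { $_.RemoteAddress -eq 'Any' })

# Group name as on English-language Windows; Administrators can also log on by default.
$members = (Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name

$report = @(
    [pscustomobject]@{ Step = 1; Check = 'Port moved off 3389'; Value = $port; Pass = ($port -ne 3389) }
    [pscustomobject]@{ Step = 2; Check = 'Allow rules limited to set addresses'
                       Value = ($scopes.RemoteAddress -join ' | ')
                       Pass  = ($scopes.Count -gt 0 -and $openRules.Count -eq 0) }
    [pscustomobject]@{ Step = 5; Check = 'NLA required'; Value = $nla; Pass = ($nla -eq 1) }
    [pscustomobject]@{ Step = 6; Check = 'Remote Desktop Users members (review by hand)'
                       Value = ($members -join ', '); Pass = $null }
    [pscustomobject]@{ Step = 7; Check = 'Security layer is SSL (TLS)'; Value = $layer; Pass = ($layer -eq 2) }
    [pscustomobject]@{ Step = 7; Check = 'Encryption level High or FIPS'; Value = $enc; Pass = ($enc -ge 3) }
)
$report | Format-Table -AutoSize -Wrap
```

A blank value on a row means the setting was not found at either registry location, so Windows is using its default for it.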
 
I think you have done quite a bit towards securing your RDP.

Reference link:

https://www.solarwindsmsp.com/blog/rdp-encryption-techniques

What do you now consider to be the most threatening security risks?

Identify the threats and go forward accordingly.

Are you coordinating with the work site IT folks?

The key is to remain up to date and continue being aware of possible new threats/breaches.

Stay pro-active.
 
Solution
Thanks Ralston18, I will review the link. I try to keep the system and AV up to date. No, currently I am not working with any IT person. For an additional layer of security, I just signed up with Duo 2FA, so I am hoping that between the above factors plus Duo 2FA, things should be acceptable, without adding any additional VPN.