How do I block access to Remote Desktop?
Windows Remote Desktop Show NOTE: The article below was originally written to address disabling remote desktop connectivity on Windows 10 systems. All of the information we have provided is also compatible with Windows 11. If you need to turn off remote desktop on systems running either operating system, these instructions will work for you. The number of individuals requiring remote access to work or personal computers has dramatically increased in the past two years. The effects of the COVID-19 pandemic have contributed to the move toward working remotely that was already gaining traction throughout society. Consequently, many more users are faced with setting up and managing connections between local and remotely located machines. It can be challenging for inexperienced users to configure remote access tools without the help of a system administrator. Fortunately, many home and traveling users are working with computers running the Windows 10 operating system. This might be a personal machine or a company-issued laptop. This means they can easily take advantage of the Windows Remote Desktop feature to establish a connection between a computer at home and one located in the office. We suggest you check out our how to setup Remote Desktop in Windows 10 article if you need instructions on how to implement remote access from your machine. An equally important activity that may be necessary to perform for a variety of reasons is the ability to turn off Remote Desktop in Windows 10. How to stop remote access to my computer in Windows 10/11Now we will show you how to turn off remote access on Windows 10 systems by following these simple instructions:
You can also disable Remote Desktop manually by editing the Windows registry. We suggest you should only proceed with editing the registry if you are an experienced user and know what you are doing. Mistakes with the reg command can have serious consequences for your system. Use these steps to edit the Windows registry and disable Remote Desktop connections:
Users not comfortable with using the reg command or modifying the registry should use the first method described above. It’s much simpler and is all you need in Windows 10 to disable remote access. The risks of running Windows Remote DesktopWhile running Windows Remote Desktop offers an efficient method of establishing connections to physically distant computers, it does present some security risks that need to be understood by users taking advantage of this Windows service. The same functionality that allows you to access that computer at work opens the door to uninvited guests who may not have your best interests at heart. Following are some of the potential dangers of the Remote Desktop Protocol (RDP):
How to protect your computer from hackers by turning off Remote Desktop accessThe reason you need to know how to disable remote access in Windows 10 is to protect your computer from hackers and malicious unauthorized intruders. We have shown you how to do this with a simple procedure, but if you need remote access to do your job or get important information, you can’t just totally disable RDP. Following are two tips for making your Windows 10 system more secure and minimizing the security risks of enabling Remote Desktop. • Disable Remote Desktop on your Windows 10 system when you don’t need to have the service running. When not actively using RDP to connect to a remote machine, keep it disabled. Get into the habit of turning it on when needed and off when finished every time you use it. • Use strong passwords for your connection credentials. One of the most exploited security vulnerabilities is weak passwords that let hackers gain access to your system and network. Stop using your dog’s name and make it difficult to guess your password. At least eight characters with a mix of upper and lower case letters, numbers, and special characters is the minimum you should be using to protect your RDP sessions. Longer passwords are always better and harder to crack by motivated hackers. It’s really easy to disable Remote Desktop in Windows 10 as we have shown you. Since disabling the service is also the best way to minimize the risk of exposing Remote Desktop services to hackers, we hope you use this simple process to improve security.
The MS-ISAC observes specific malware variants consistently reaching The Top 10 Malware list. These specific malware variants have traits allowing them to be highly effective against State, Local, Tribal, and Territorial (SLTT) government networks, consistently infecting more systems than other types of malware. An examination of the characteristics of these malware variants revealed that they often abuse legitimate tools or parts of applications on a system or network. One such legitimate tool is Remote Desktop Protocol (RPD). Understanding the Threat SurfaceRDP is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389. It provides network access for a remote user over an encrypted channel. Network administrators use RDP to diagnose issues, login to servers, and perform other remote actions. Remote employees use RDP to log into the organization’s network to access email and files. Cyber threat actors (CTAs) use misconfigured RDP ports that are open to the Internet to gain network access. They are then in a position to potentially move laterally throughout a network, escalate privileges, access and exfiltrate sensitive information, harvest credentials, or deploy a wide variety of malware. This popular attack vector allows CTAs to maintain a low profile, as they are utilizing a legitimate network service that provides them with the same functionality as any other remote user. CTAs use tools, such as the Shodan search engine, to scan the Internet for open RDP ports and then use brute force password techniques to access vulnerable networks. Compromised RDP credentials are also widely available for sale on dark web marketplaces. RecommendationsAfter evaluating your environment and conducting appropriate testing, use Group Policy to disable RDP. If RDP is needed for legitimate work functions, the MS-ISAC recommends following the below recommendations:
For additional help hardening your system, the MS-ISAC recommends organizations use the CIS Benchmarks and CIS Build Kits, which are a part of CIS SecureSuite. Disabling RDPThe directions below are a general outline of how to disable RDP.
For more information on how to enable or disable RDP please go to Microsoft. The MS-ISAC is the focal point for cyber threat prevention, protection, response, and recovery for the nation’s state, local, tribal, and territorial (SLTT) governments. More information about this topic, as well as 24×7 cybersecurity assistance is available at 866-787-4722, [email protected]. The MS-ISAC is interested in your comments – an anonymous feedback survey is available. |