Remote Desktop connections are generally secured by RDP and similar protocols, but you can enhance security on your own. In this video, learn what you can do to secure your own connections and the connections you create for others.
- [Instructor] Because a remote desktop connection allows someone to control one computer from another, often over the internet, there are inherent security risks. While there are protocols in place to protect the connection, as well as the ability to connect using a VPN, there are things you can do to secure the connection on your own. Hackers often use brute-force techniques to gain access to a connection or a user account. They do this by flooding a computer with automated log-in attempts. There are many ways to protect against this kind of attack. First, require users to use strong passwords, or require yourself too. And change them often. Strong passwords, often called complex passwords, require users to have both small and capped letters, numbers, special characters, and meet length and other requirements. You can add policies that will lock accounts after a set amount of failed logins as well. If locked out the user will have to wait for an administrator to unlock the account, or simply wait 15 to 30 minutes before they try again depending on how you have it set up. This can be configured using the local security policy console. I'll discuss this at the end of the video. If your organization supports it, two factor authentication is a great way to protect your assets. This requires a user to input a code they get on their cell phone or in an email before making the connection. It's important to keep your computers up to date as well. When Microsoft discovers security holes and breaches, they send out patches. These come in the form of updates. You can make sure that updates are enabled on any computer you use with remote access. Here's how to do it on Windows 10. In the task bar type windows update settings. And click it in the results. See if there are any updates. In this instance, you can see that updates are available and they are pending download. Here I can also view update history, set advanced options, and change active hours. You'll also need to verify the windows firewall is enabled or a third party firewall is in place. I'll close this window and I'll again type in the task bar. I'll type firewall and I'll click windows defender firewall here in the results. You can see that everything is green here, which means the firewall is on and it's performing properly. There are additional options for network administrators such as changing the default port used by RDP from the default of 3389 to something else. Changing the port makes it more difficult for hackers to find a way in if the default port isn't available. Admins can also require that RDP connections are made using only IP addresses and not computer names. Again, it's simply more difficult to break in using an IP address than a computer name. You can also configure a VPN. If you're interested in looking at the security settings I mentioned earlier from the local security options here's how. From the task bar type secpol.msc. Click that in the results. Maximize and expand so you can see all of the screens and expand account policies. You can set anything you like here with regard to password policy and account lockout policy. With a password policy, you can create a password age, a password length, and you can require complexity requirements among other things. From account lockout policy, you can set an account lockout with a threshold and a duration and even a reset. Be careful when you make changes using the security policy editor though, whatever you configure here is applied to the computer you're using and make sure you know how to get back here and have some option for logging on as an administrator should you lock yourself out of your computer.
- VPNs for Windows 10
- Configuring client apps
- Securing remote connections
- Configuring and optimizing a VPN
- Making remote connections
- Managing remote data
- Troubleshooting remote connections
- Advanced options